diff options
| author | Alyssa Ross <hi@alyssa.is> | 2022-12-06 19:57:55 +0000 |
|---|---|---|
| committer | Alyssa Ross <hi@alyssa.is> | 2023-02-08 13:48:30 +0000 |
| commit | bf3aadfdd39aa197e18bade671fab6726349ffa4 (patch) | |
| tree | 698567af766ed441d757b57a7b21e68d4a342a2b /nixpkgs/doc | |
| parent | f4afc5a01d9539ce09e47494e679c51f80723d07 (diff) | |
| parent | 99665eb45f58d959d2cb9e49ddb960c79d596f33 (diff) | |
| download | nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.tar nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.tar.gz nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.tar.bz2 nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.tar.lz nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.tar.xz nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.tar.zst nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.zip | |
Merge commit '99665eb45f58d959d2cb9e49ddb960c79d596f33'
Diffstat (limited to 'nixpkgs/doc')
58 files changed, 1273 insertions, 1137 deletions
diff --git a/nixpkgs/doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua b/nixpkgs/doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua index 92dc6895750f..1c745393a04b 100644 --- a/nixpkgs/doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua +++ b/nixpkgs/doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua @@ -27,6 +27,10 @@ function Code(elem) content = '<refentrytitle>' .. title .. '</refentrytitle>' .. (volnum ~= nil and ('<manvolnum>' .. volnum .. '</manvolnum>') or '') elseif elem.attributes['role'] == 'file' then tag = 'filename' + elseif elem.attributes['role'] == 'command' then + tag = 'command' + elseif elem.attributes['role'] == 'option' then + tag = 'option' end if tag ~= nil then diff --git a/nixpkgs/doc/builders/fetchers.chapter.md b/nixpkgs/doc/builders/fetchers.chapter.md index d9f22b062827..12d8a5d887fd 100644 --- a/nixpkgs/doc/builders/fetchers.chapter.md +++ b/nixpkgs/doc/builders/fetchers.chapter.md @@ -1,16 +1,55 @@ # Fetchers {#chap-pkgs-fetchers} -When using Nix, you will frequently need to download source code and other files from the internet. For this purpose, Nix provides the [_fixed output derivation_](https://nixos.org/manual/nix/stable/#fixed-output-drvs) feature and Nixpkgs provides various functions that implement the actual fetching from various protocols and services. +Building software with Nix often requires downloading source code and other files from the internet. +`nixpkgs` provides *fetchers* for different protocols and services. Fetchers are functions that simplify downloading files. ## Caveats -Because fixed output derivations are _identified_ by their hash, a common mistake is to update a fetcher's URL or a version parameter, without updating the hash. **This will cause the old contents to be used.** So remember to always invalidate the hash argument. +Fetchers create [fixed output derivations](https://nixos.org/manual/nix/stable/#fixed-output-drvs) from downloaded files. +Nix can reuse the downloaded files via the hash of the resulting derivation. -For those who develop and maintain fetchers, a similar problem arises with changes to the implementation of a fetcher. These may cause a fixed output derivation to fail, but won't normally be caught by tests because the supposed output is already in the store or cache. For the purpose of testing, you can use a trick that is embodied by the [`invalidateFetcherByDrvHash`](#sec-pkgs-invalidateFetcherByDrvHash) function. It uses the derivation `name` to create a unique output path per fetcher implementation, defeating the caching precisely where it would be harmful. +The fact that the hash belongs to the Nix derivation output and not the file itself can lead to confusion. +For example, consider the following fetcher: + +```nix +fetchurl { + url = "http://www.example.org/hello-1.0.tar.gz"; + sha256 = "0v6r3wwnsk5pdjr188nip3pjgn1jrn5pc5ajpcfy6had6b3v4dwm"; +}; +``` + +A common mistake is to update a fetcher’s URL, or a version parameter, without updating the hash. + +```nix +fetchurl { + url = "http://www.example.org/hello-1.1.tar.gz"; + sha256 = "0v6r3wwnsk5pdjr188nip3pjgn1jrn5pc5ajpcfy6had6b3v4dwm"; +}; +``` + +**This will reuse the old contents**. +Remember to invalidate the hash argument, in this case by setting the `sha256` attribute to an empty string. + +```nix +fetchurl { + url = "http://www.example.org/hello-1.1.tar.gz"; + sha256 = ""; +}; +``` + +Use the resulting error message to determine the correct hash. + +``` +error: hash mismatch in fixed-output derivation '/path/to/my.drv': + specified: sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= + got: sha256-RApQUm78dswhBLC/rfU9y0u6pSAzHceIJqgmetRD24E= +``` + +A similar problem arises while testing changes to a fetcher's implementation. If the output of the derivation already exists in the Nix store, test failures can go undetected. The [`invalidateFetcherByDrvHash`](#tester-invalidateFetcherByDrvHash) function helps prevent reusing cached derivations. ## `fetchurl` and `fetchzip` {#fetchurl} -Two basic fetchers are `fetchurl` and `fetchzip`. Both of these have two required arguments, a URL and a hash. The hash is typically `sha256`, although many more hash algorithms are supported. Nixpkgs contributors are currently recommended to use `sha256`. This hash will be used by Nix to identify your source. A typical usage of fetchurl is provided below. +Two basic fetchers are `fetchurl` and `fetchzip`. Both of these have two required arguments, a URL and a hash. The hash is typically `sha256`, although many more hash algorithms are supported. Nixpkgs contributors are currently recommended to use `sha256`. This hash will be used by Nix to identify your source. A typical usage of `fetchurl` is provided below. ```nix { stdenv, fetchurl }: @@ -24,9 +63,21 @@ stdenv.mkDerivation { } ``` -The main difference between `fetchurl` and `fetchzip` is in how they store the contents. `fetchurl` will store the unaltered contents of the URL within the Nix store. `fetchzip` on the other hand will decompress the archive for you, making files and directories directly accessible in the future. `fetchzip` can only be used with archives. Despite the name, `fetchzip` is not limited to .zip files and can also be used with any tarball. +The main difference between `fetchurl` and `fetchzip` is in how they store the contents. `fetchurl` will store the unaltered contents of the URL within the Nix store. `fetchzip` on the other hand, will decompress the archive for you, making files and directories directly accessible in the future. `fetchzip` can only be used with archives. Despite the name, `fetchzip` is not limited to .zip files and can also be used with any tarball. + +## `fetchpatch` {#fetchpatch} + +`fetchpatch` works very similarly to `fetchurl` with the same arguments expected. It expects patch files as a source and performs normalization on them before computing the checksum. For example, it will remove comments or other unstable parts that are sometimes added by version control systems and can change over time. + +- `relative`: Similar to using `git-diff`'s `--relative` flag, only keep changes inside the specified directory, making paths relative to it. +- `stripLen`: Remove the first `stripLen` components of pathnames in the patch. +- `extraPrefix`: Prefix pathnames by this string. +- `excludes`: Exclude files matching these patterns (applies after the above arguments). +- `includes`: Include only files matching these patterns (applies after the above arguments). +- `revert`: Revert the patch. + +Note that because the checksum is computed after applying these effects, using or modifying these arguments will have no effect unless the `sha256` argument is changed as well. -`fetchpatch` works very similarly to `fetchurl` with the same arguments expected. It expects patch files as a source and performs normalization on them before computing the checksum. For example it will remove comments or other unstable parts that are sometimes added by version control systems and can change over time. Most other fetchers return a directory rather than a single file. @@ -38,9 +89,9 @@ Used with Subversion. Expects `url` to a Subversion directory, `rev`, and `sha25 Used with Git. Expects `url` to a Git repo, `rev`, and `sha256`. `rev` in this case can be full the git commit id (SHA1 hash) or a tag name like `refs/tags/v1.0`. -Additionally the following optional arguments can be given: `fetchSubmodules = true` makes `fetchgit` also fetch the submodules of a repository. If `deepClone` is set to true, the entire repository is cloned as opposing to just creating a shallow clone. `deepClone = true` also implies `leaveDotGit = true` which means that the `.git` directory of the clone won't be removed after checkout. +Additionally, the following optional arguments can be given: `fetchSubmodules = true` makes `fetchgit` also fetch the submodules of a repository. If `deepClone` is set to true, the entire repository is cloned as opposing to just creating a shallow clone. `deepClone = true` also implies `leaveDotGit = true` which means that the `.git` directory of the clone won't be removed after checkout. -If only parts of the repository are needed, `sparseCheckout` can be used. This will prevent git from fetching unnecessary blobs from server, see [git sparse-checkout](https://git-scm.com/docs/git-sparse-checkout) and [git clone --filter](https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---filterltfilter-specgt) for more infomation: +If only parts of the repository are needed, `sparseCheckout` can be used. This will prevent git from fetching unnecessary blobs from server, see [git sparse-checkout](https://git-scm.com/docs/git-sparse-checkout) for more information: ```nix { stdenv, fetchgit }: @@ -50,8 +101,8 @@ stdenv.mkDerivation { src = fetchgit { url = "https://..."; sparseCheckout = '' - path/to/be/included - another/path + directory/to/be/included + another/directory ''; sha256 = "0000000000000000000000000000000000000000000000000000"; }; @@ -78,17 +129,17 @@ A number of fetcher functions wrap part of `fetchurl` and `fetchzip`. They are m ## `fetchFromGitHub` {#fetchfromgithub} -`fetchFromGitHub` expects four arguments. `owner` is a string corresponding to the GitHub user or organization that controls this repository. `repo` corresponds to the name of the software repository. These are located at the top of every GitHub HTML page as `owner`/`repo`. `rev` corresponds to the Git commit hash or tag (e.g `v1.0`) that will be downloaded from Git. Finally, `sha256` corresponds to the hash of the extracted directory. Again, other hash algorithms are also available but `sha256` is currently preferred. +`fetchFromGitHub` expects four arguments. `owner` is a string corresponding to the GitHub user or organization that controls this repository. `repo` corresponds to the name of the software repository. These are located at the top of every GitHub HTML page as `owner`/`repo`. `rev` corresponds to the Git commit hash or tag (e.g `v1.0`) that will be downloaded from Git. Finally, `sha256` corresponds to the hash of the extracted directory. Again, other hash algorithms are also available, but `sha256` is currently preferred. `fetchFromGitHub` uses `fetchzip` to download the source archive generated by GitHub for the specified revision. If `leaveDotGit`, `deepClone` or `fetchSubmodules` are set to `true`, `fetchFromGitHub` will use `fetchgit` instead. Refer to its section for documentation of these options. ## `fetchFromGitLab` {#fetchfromgitlab} -This is used with GitLab repositories. The arguments expected are very similar to fetchFromGitHub above. +This is used with GitLab repositories. The arguments expected are very similar to `fetchFromGitHub` above. ## `fetchFromGitiles` {#fetchfromgitiles} -This is used with Gitiles repositories. The arguments expected are similar to fetchgit. +This is used with Gitiles repositories. The arguments expected are similar to `fetchgit`. ## `fetchFromBitbucket` {#fetchfrombitbucket} @@ -96,11 +147,11 @@ This is used with BitBucket repositories. The arguments expected are very simila ## `fetchFromSavannah` {#fetchfromsavannah} -This is used with Savannah repositories. The arguments expected are very similar to fetchFromGitHub above. +This is used with Savannah repositories. The arguments expected are very similar to `fetchFromGitHub` above. ## `fetchFromRepoOrCz` {#fetchfromrepoorcz} -This is used with repo.or.cz repositories. The arguments expected are very similar to fetchFromGitHub above. +This is used with repo.or.cz repositories. The arguments expected are very similar to `fetchFromGitHub` above. ## `fetchFromSourcehut` {#fetchfromsourcehut} @@ -111,4 +162,4 @@ or "hg"), `domain` and `fetchSubmodules`. If `fetchSubmodules` is `true`, `fetchFromSourcehut` uses `fetchgit` or `fetchhg` with `fetchSubmodules` or `fetchSubrepos` set to `true`, -respectively. Otherwise the fetcher uses `fetchzip`. +respectively. Otherwise, the fetcher uses `fetchzip`. diff --git a/nixpkgs/doc/builders/images/dockertools.section.md b/nixpkgs/doc/builders/images/dockertools.section.md index 7ff4b2aeb369..6fdd4b5cadd3 100644 --- a/nixpkgs/doc/builders/images/dockertools.section.md +++ b/nixpkgs/doc/builders/images/dockertools.section.md @@ -20,7 +20,12 @@ buildImage { fromImageName = null; fromImageTag = "latest"; - contents = pkgs.redis; + copyToRoot = pkgs.buildEnv { + name = "image-root"; + paths = [ pkgs.redis ]; + pathsToLink = [ "/bin" ]; + }; + runAsRoot = '' #!${pkgs.runtimeShell} mkdir -p /data @@ -31,6 +36,9 @@ buildImage { WorkingDir = "/data"; Volumes = { "/data" = { }; }; }; + + diskSize = 1024; + buildVMMemorySize = 512; } ``` @@ -46,7 +54,7 @@ The above example will build a Docker image `redis/latest` from the given base i - `fromImageTag` can be used to further specify the tag of the base image within the repository, in case an image contains multiple tags. By default it's `null`, in which case `buildImage` will peek the first tag available for the base image. -- `contents` is a derivation that will be copied in the new layer of the resulting image. This can be similarly seen as `ADD contents/ /` in a `Dockerfile`. By default it's `null`. +- `copyToRoot` is a derivation that will be copied in the new layer of the resulting image. This can be similarly seen as `ADD contents/ /` in a `Dockerfile`. By default it's `null`. - `runAsRoot` is a bash script that will run as root in an environment that overlays the existing layers of the base image with the new resulting layer, including the previously copied `contents` derivation. This can be similarly seen as `RUN ...` in a `Dockerfile`. @@ -54,11 +62,15 @@ The above example will build a Docker image `redis/latest` from the given base i - `config` is used to specify the configuration of the containers that will be started off the built image in Docker. The available options are listed in the [Docker Image Specification v1.2.0](https://github.com/moby/moby/blob/master/image/spec/v1.2.md#image-json-field-descriptions). +- `diskSize` is used to specify the disk size of the VM used to build the image in megabytes. By default it's 1024 MiB. + +- `buildVMMemorySize` is used to specify the memory size of the VM to build the image in megabytes. By default it's 512 MiB. + After the new layer has been created, its closure (to which `contents`, `config` and `runAsRoot` contribute) will be copied in the layer itself. Only new dependencies that are not already in the existing layers will be copied. At the end of the process, only one new single layer will be produced and added to the resulting image. -The resulting repository will only list the single image `image/tag`. In the case of [the `buildImage` example](#ex-dockerTools-buildImage) it would be `redis/latest`. +The resulting repository will only list the single image `image/tag`. In the case of [the `buildImage` example](#ex-dockerTools-buildImage), it would be `redis/latest`. It is possible to inspect the arguments with which an image was built using its `buildArgs` attribute. @@ -81,13 +93,17 @@ pkgs.dockerTools.buildImage { name = "hello"; tag = "latest"; created = "now"; - contents = pkgs.hello; + copyToRoot = pkgs.buildEnv { + name = "image-root"; + paths = [ pkgs.hello ]; + pathsToLink = [ "/bin" ]; + }; config.Cmd = [ "/bin/hello" ]; } ``` -and now the Docker CLI will display a reasonable date and sort the images as expected: +Now the Docker CLI will display a reasonable date and sort the images as expected: ```ShellSession $ docker images @@ -95,7 +111,7 @@ REPOSITORY TAG IMAGE ID CREATED SIZE hello latest de2bf4786de6 About a minute ago 25.2MB ``` -however, the produced images will not be binary reproducible. +However, the produced images will not be binary reproducible. ## buildLayeredImage {#ssec-pkgs-dockerTools-buildLayeredImage} @@ -119,13 +135,13 @@ Create a Docker image with many of the store paths being on their own layer to i `contents` _optional_ -: Top level paths in the container. Either a single derivation, or a list of derivations. +: Top-level paths in the container. Either a single derivation, or a list of derivations. *Default:* `[]` `config` _optional_ -: Run-time configuration of the container. A full list of the options are available at in the [ Docker Image Specification v1.2.0 ](https://github.com/moby/moby/blob/master/image/spec/v1.2.md#image-json-field-descriptions). +: Run-time configuration of the container. A full list of the options are available at in the [Docker Image Specification v1.2.0](https://github.com/moby/moby/blob/master/image/spec/v1.2.md#image-json-field-descriptions). *Default:* `{}` @@ -195,9 +211,9 @@ pkgs.dockerTools.buildLayeredImage { Increasing the `maxLayers` increases the number of layers which have a chance to be shared between different images. -Modern Docker installations support up to 128 layers, however older versions support as few as 42. +Modern Docker installations support up to 128 layers, but older versions support as few as 42. -If the produced image will not be extended by other Docker builds, it is safe to set `maxLayers` to `128`. However it will be impossible to extend the image further. +If the produced image will not be extended by other Docker builds, it is safe to set `maxLayers` to `128`. However, it will be impossible to extend the image further. The first (`maxLayers-2`) most "popular" paths will have their own individual layers, then layer \#`maxLayers-1` will contain all the remaining "unpopular" paths, and finally layer \#`maxLayers` will contain the Image configuration. @@ -213,7 +229,7 @@ The image produced by running the output script can be piped directly into `dock $(nix-build) | docker load ``` -Alternatively, the image be piped via `gzip` into `skopeo`, e.g. to copy it into a registry: +Alternatively, the image be piped via `gzip` into `skopeo`, e.g., to copy it into a registry: ```ShellSession $(nix-build) | gzip --fast | skopeo copy docker-archive:/dev/stdin docker://some_docker_registry/myimage:tag @@ -302,7 +318,7 @@ buildImage { runAsRoot = '' #!${pkgs.runtimeShell} - ${shadowSetup} + ${pkgs.dockerTools.shadowSetup} groupadd -r redis useradd -r -g redis redis mkdir /data @@ -312,3 +328,32 @@ buildImage { ``` Creating base files like `/etc/passwd` or `/etc/login.defs` is necessary for shadow-utils to manipulate users and groups. + +## fakeNss {#ssec-pkgs-dockerTools-fakeNss} + +If your primary goal is providing a basic skeleton for user lookups to work, +and/or a lesser privileged user, adding `pkgs.fakeNss` to +the container image root might be the better choice than a custom script +running `useradd` and friends. + +It provides a `/etc/passwd` and `/etc/group`, containing `root` and `nobody` +users and groups. + +It also provides a `/etc/nsswitch.conf`, configuring NSS host resolution to +first check `/etc/hosts`, before checking DNS, as the default in the absence of +a config file (`dns [!UNAVAIL=return] files`) is quite unexpected. + +You can pair it with `binSh`, which provides `bin/sh` as a symlink +to `bashInteractive` (as `/bin/sh` is configured as a shell). + +```nix +buildImage { + name = "shadow-basic"; + + copyToRoot = pkgs.buildEnv { + name = "image-root"; + paths = [ binSh pkgs.fakeNss ]; + pathsToLink = [ "/bin" "/etc" "/var" ]; + }; +} +``` diff --git a/nixpkgs/doc/builders/images/ocitools.section.md b/nixpkgs/doc/builders/images/ocitools.section.md index d3dee57ebac6..d3ab8776786b 100644 --- a/nixpkgs/doc/builders/images/ocitools.section.md +++ b/nixpkgs/doc/builders/images/ocitools.section.md @@ -1,10 +1,10 @@ # pkgs.ociTools {#sec-pkgs-ociTools} -`pkgs.ociTools` is a set of functions for creating containers according to the [OCI container specification v1.0.0](https://github.com/opencontainers/runtime-spec). Beyond that it makes no assumptions about the container runner you choose to use to run the created container. +`pkgs.ociTools` is a set of functions for creating containers according to the [OCI container specification v1.0.0](https://github.com/opencontainers/runtime-spec). Beyond that, it makes no assumptions about the container runner you choose to use to run the created container. ## buildContainer {#ssec-pkgs-ociTools-buildContainer} -This function creates a simple OCI container that runs a single command inside of it. An OCI container consists of a `config.json` and a rootfs directory.The nix store of the container will contain all referenced dependencies of the given command. +This function creates a simple OCI container that runs a single command inside of it. An OCI container consists of a `config.json` and a rootfs directory. The nix store of the container will contain all referenced dependencies of the given command. The parameters of `buildContainer` with an example value are described below: @@ -30,7 +30,7 @@ buildContainer { } ``` -- `args` specifies a set of arguments to run inside the container. This is the only required argument for `buildContainer`. All referenced packages inside the derivation will be made available inside the container +- `args` specifies a set of arguments to run inside the container. This is the only required argument for `buildContainer`. All referenced packages inside the derivation will be made available inside the container. - `mounts` specifies additional mount points chosen by the user. By default only a minimal set of necessary filesystems are mounted into the container (e.g procfs, cgroupfs) diff --git a/nixpkgs/doc/builders/images/snaptools.section.md b/nixpkgs/doc/builders/images/snaptools.section.md index 5f710d2de7fe..259fa1b06180 100644 --- a/nixpkgs/doc/builders/images/snaptools.section.md +++ b/nixpkgs/doc/builders/images/snaptools.section.md @@ -33,7 +33,7 @@ in snapTools.makeSnap { ## Build a Graphical Snap {#ssec-pkgs-snapTools-build-a-snap-firefox} -Graphical programs require many more integrations with the host. This example uses Firefox as an example, because it is one of the most complicated programs we could package. +Graphical programs require many more integrations with the host. This example uses Firefox as an example because it is one of the most complicated programs we could package. ``` {#ex-snapTools-buildSnap-firefox .nix} let diff --git a/nixpkgs/doc/builders/packages/citrix.section.md b/nixpkgs/doc/builders/packages/citrix.section.md index b25ecb0bdefc..4721f7e90f7a 100644 --- a/nixpkgs/doc/builders/packages/citrix.section.md +++ b/nixpkgs/doc/builders/packages/citrix.section.md @@ -4,13 +4,13 @@ The [Citrix Workspace App](https://www.citrix.com/products/workspace-app/) is a ## Basic usage {#sec-citrix-base} -The tarball archive needs to be downloaded manually as the license agreements of the vendor for [Citrix Workspace](https://www.citrix.de/downloads/workspace-app/linux/workspace-app-for-linux-latest.html) needs to be accepted first. Then run `nix-prefetch-url file://$PWD/linuxx64-$version.tar.gz`. With the archive available in the store the package can be built and installed with Nix. +The tarball archive needs to be downloaded manually, as the license agreements of the vendor for [Citrix Workspace](https://www.citrix.de/downloads/workspace-app/linux/workspace-app-for-linux-latest.html) needs to be accepted first. Then run `nix-prefetch-url file://$PWD/linuxx64-$version.tar.gz`. With the archive available in the store, the package can be built and installed with Nix. -## Citrix Selfservice {#sec-citrix-selfservice} +## Citrix Self-service {#sec-citrix-selfservice} -The [selfservice](https://support.citrix.com/article/CTX200337) is an application managing Citrix desktops and applications. Please note that this feature only works with at least citrix_workspace_20_06_0 and later versions. +The [self-service](https://support.citrix.com/article/CTX200337) is an application managing Citrix desktops and applications. Please note that this feature only works with at least citrix_workspace_20_06_0 and later versions. -In order to set this up, you first have to [download the `.cr` file from the Netscaler Gateway](https://its.uiowa.edu/support/article/102186). After that you can configure the `selfservice` like this: +In order to set this up, you first have to [download the `.cr` file from the Netscaler Gateway](https://its.uiowa.edu/support/article/102186). After that, you can configure the `selfservice` like this: ```ShellSession $ storebrowse -C ~/Downloads/receiverconfig.cr @@ -19,7 +19,7 @@ $ selfservice ## Custom certificates {#sec-citrix-custom-certs} -The `Citrix Workspace App` in `nixpkgs` trusts several certificates [from the Mozilla database](https://curl.haxx.se/docs/caextract.html) by default. However several companies using Citrix might require their own corporate certificate. On distros with imperative packaging these certs can be stored easily in [`$ICAROOT`](https://developer-docs.citrix.com/projects/receiver-for-linux-command-reference/en/13.7/), however this directory is a store path in `nixpkgs`. In order to work around this issue the package provides a simple mechanism to add custom certificates without rebuilding the entire package using `symlinkJoin`: +The `Citrix Workspace App` in `nixpkgs` trusts several certificates [from the Mozilla database](https://curl.haxx.se/docs/caextract.html) by default. However, several companies using Citrix might require their own corporate certificate. On distros with imperative packaging, these certs can be stored easily in [`$ICAROOT`](https://developer-docs.citrix.com/projects/receiver-for-linux-command-reference/en/13.7/), however this directory is a store path in `nixpkgs`. In order to work around this issue, the package provides a simple mechanism to add custom certificates without rebuilding the entire package using `symlinkJoin`: ```nix with import <nixpkgs> { config.allowUnfree = true; }; diff --git a/nixpkgs/doc/builders/packages/eclipse.section.md b/nixpkgs/doc/builders/packages/eclipse.section.md index faabb1884501..8cf7426833b8 100644 --- a/nixpkgs/doc/builders/packages/eclipse.section.md +++ b/nixpkgs/doc/builders/packages/eclipse.section.md @@ -8,9 +8,9 @@ Nixpkgs provides a number of packages that will install Eclipse in its various f $ nix-env -f '<nixpkgs>' -qaP -A eclipses --description ``` -Once an Eclipse variant is installed it can be run using the `eclipse` command, as expected. From within Eclipse it is then possible to install plugins in the usual manner by either manually specifying an Eclipse update site or by installing the Marketplace Client plugin and using it to discover and install other plugins. This installation method provides an Eclipse installation that closely resemble a manually installed Eclipse. +Once an Eclipse variant is installed, it can be run using the `eclipse` command, as expected. From within Eclipse, it is then possible to install plugins in the usual manner by either manually specifying an Eclipse update site or by installing the Marketplace Client plugin and using it to discover and install other plugins. This installation method provides an Eclipse installation that closely resemble a manually installed Eclipse. -If you prefer to install plugins in a more declarative manner then Nixpkgs also offer a number of Eclipse plugins that can be installed in an _Eclipse environment_. This type of environment is created using the function `eclipseWithPlugins` found inside the `nixpkgs.eclipses` attribute set. This function takes as argument `{ eclipse, plugins ? [], jvmArgs ? [] }` where `eclipse` is a one of the Eclipse packages described above, `plugins` is a list of plugin derivations, and `jvmArgs` is a list of arguments given to the JVM running the Eclipse. For example, say you wish to install the latest Eclipse Platform with the popular Eclipse Color Theme plugin and also allow Eclipse to use more RAM. You could then add +If you prefer to install plugins in a more declarative manner, then Nixpkgs also offer a number of Eclipse plugins that can be installed in an _Eclipse environment_. This type of environment is created using the function `eclipseWithPlugins` found inside the `nixpkgs.eclipses` attribute set. This function takes as argument `{ eclipse, plugins ? [], jvmArgs ? [] }` where `eclipse` is a one of the Eclipse packages described above, `plugins` is a list of plugin derivations, and `jvmArgs` is a list of arguments given to the JVM running the Eclipse. For example, say you wish to install the latest Eclipse Platform with the popular Eclipse Color Theme plugin and also allow Eclipse to use more RAM. You could then add: ```nix packageOverrides = pkgs: { @@ -22,15 +22,15 @@ packageOverrides = pkgs: { } ``` -to your Nixpkgs configuration (`~/.config/nixpkgs/config.nix`) and install it by running `nix-env -f '<nixpkgs>' -iA myEclipse` and afterward run Eclipse as usual. It is possible to find out which plugins are available for installation using `eclipseWithPlugins` by running +to your Nixpkgs configuration (`~/.config/nixpkgs/config.nix`) and install it by running `nix-env -f '<nixpkgs>' -iA myEclipse` and afterward run Eclipse as usual. It is possible to find out which plugins are available for installation using `eclipseWithPlugins` by running: ```ShellSession $ nix-env -f '<nixpkgs>' -qaP -A eclipses.plugins --description ``` -If there is a need to install plugins that are not available in Nixpkgs then it may be possible to define these plugins outside Nixpkgs using the `buildEclipseUpdateSite` and `buildEclipsePlugin` functions found in the `nixpkgs.eclipses.plugins` attribute set. Use the `buildEclipseUpdateSite` function to install a plugin distributed as an Eclipse update site. This function takes `{ name, src }` as argument where `src` indicates the Eclipse update site archive. All Eclipse features and plugins within the downloaded update site will be installed. When an update site archive is not available then the `buildEclipsePlugin` function can be used to install a plugin that consists of a pair of feature and plugin JARs. This function takes an argument `{ name, srcFeature, srcPlugin }` where `srcFeature` and `srcPlugin` are the feature and plugin JARs, respectively. +If there is a need to install plugins that are not available in Nixpkgs then it may be possible to define these plugins outside Nixpkgs using the `buildEclipseUpdateSite` and `buildEclipsePlugin` functions found in the `nixpkgs.eclipses.plugins` attribute set. Use the `buildEclipseUpdateSite` function to install a plugin distributed as an Eclipse update site. This function takes `{ name, src }` as argument, where `src` indicates the Eclipse update site archive. All Eclipse features and plugins within the downloaded update site will be installed. When an update site archive is not available, then the `buildEclipsePlugin` function can be used to install a plugin that consists of a pair of feature and plugin JARs. This function takes an argument `{ name, srcFeature, srcPlugin }` where `srcFeature` and `srcPlugin` are the feature and plugin JARs, respectively. -Expanding the previous example with two plugins using the above functions we have +Expanding the previous example with two plugins using the above functions, we have: ```nix packageOverrides = pkgs: { diff --git a/nixpkgs/doc/builders/packages/elm.section.md b/nixpkgs/doc/builders/packages/elm.section.md index ae223c802da4..063dd73d9de4 100644 --- a/nixpkgs/doc/builders/packages/elm.section.md +++ b/nixpkgs/doc/builders/packages/elm.section.md @@ -1,6 +1,6 @@ # Elm {#sec-elm} -To start a development environment do +To start a development environment, run: ```ShellSession nix-shell -p elmPackages.elm elmPackages.elm-format diff --git a/nixpkgs/doc/builders/packages/emacs.section.md b/nixpkgs/doc/builders/packages/emacs.section.md index 577f1a23ce0e..a202606966c0 100644 --- a/nixpkgs/doc/builders/packages/emacs.section.md +++ b/nixpkgs/doc/builders/packages/emacs.section.md @@ -20,7 +20,7 @@ The Emacs package comes with some extra helpers to make it easier to configure. } ``` -You can install it like any other packages via `nix-env -iA myEmacs`. However, this will only install those packages. It will not `configure` them for us. To do this, we need to provide a configuration file. Luckily, it is possible to do this from within Nix! By modifying the above example, we can make Emacs load a custom config file. The key is to create a package that provide a `default.el` file in `/share/emacs/site-start/`. Emacs knows to load this file automatically when it starts. +You can install it like any other packages via `nix-env -iA myEmacs`. However, this will only install those packages. It will not `configure` them for us. To do this, we need to provide a configuration file. Luckily, it is possible to do this from within Nix! By modifying the above example, we can make Emacs load a custom config file. The key is to create a package that provides a `default.el` file in `/share/emacs/site-start/`. Emacs knows to load this file automatically when it starts. ```nix { @@ -101,9 +101,9 @@ You can install it like any other packages via `nix-env -iA myEmacs`. However, t } ``` -This provides a fairly full Emacs start file. It will load in addition to the user's presonal config. You can always disable it by passing `-q` to the Emacs command. +This provides a fairly full Emacs start file. It will load in addition to the user's personal config. You can always disable it by passing `-q` to the Emacs command. -Sometimes `emacs.pkgs.withPackages` is not enough, as this package set has some priorities imposed on packages (with the lowest priority assigned to Melpa Unstable, and the highest for packages manually defined in `pkgs/top-level/emacs-packages.nix`). But you can't control this priorities when some package is installed as a dependency. You can override it on per-package-basis, providing all the required dependencies manually - but it's tedious and there is always a possibility that an unwanted dependency will sneak in through some other package. To completely override such a package you can use `overrideScope'`. +Sometimes `emacs.pkgs.withPackages` is not enough, as this package set has some priorities imposed on packages (with the lowest priority assigned to Melpa Unstable, and the highest for packages manually defined in `pkgs/top-level/emacs-packages.nix`). But you can't control these priorities when some package is installed as a dependency. You can override it on a per-package-basis, providing all the required dependencies manually, but it's tedious and there is always a possibility that an unwanted dependency will sneak in through some other package. To completely override such a package, you can use `overrideScope'`. ```nix overrides = self: super: rec { diff --git a/nixpkgs/doc/builders/packages/etc-files.section.md b/nixpkgs/doc/builders/packages/etc-files.section.md index 2405a54634d8..94a769ed3355 100644 --- a/nixpkgs/doc/builders/packages/etc-files.section.md +++ b/nixpkgs/doc/builders/packages/etc-files.section.md @@ -1,10 +1,10 @@ # /etc files {#etc} -Certain calls in glibc require access to runtime files found in /etc such as `/etc/protocols` or `/etc/services` -- [getprotobyname](https://linux.die.net/man/3/getprotobyname) is one such function. +Certain calls in glibc require access to runtime files found in `/etc` such as `/etc/protocols` or `/etc/services` -- [getprotobyname](https://linux.die.net/man/3/getprotobyname) is one such function. -On non-NixOS distributions these files are typically provided by packages (i.e. [netbase](https://packages.debian.org/sid/netbase)) if not already pre-installed in your distribution. This can cause non-reproducibility for code if they rely on these files being present. +On non-NixOS distributions these files are typically provided by packages (i.e., [netbase](https://packages.debian.org/sid/netbase)) if not already pre-installed in your distribution. This can cause non-reproducibility for code if they rely on these files being present. -If [iana-etc](https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.iana-etc.x86_64-linux) is part of your _buildInputs_ then it will set the environment varaibles `NIX_ETC_PROTOCOLS` and `NIX_ETC_SERVICES` to the corresponding files in the package through a _setup-hook_. +If [iana-etc](https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.iana-etc.x86_64-linux) is part of your `buildInputs`, then it will set the environment variables `NIX_ETC_PROTOCOLS` and `NIX_ETC_SERVICES` to the corresponding files in the package through a setup hook. ```bash @@ -15,4 +15,4 @@ NIX_ETC_SERVICES=/nix/store/aj866hr8fad8flnggwdhrldm0g799ccz-iana-etc-20210225/e NIX_ETC_PROTOCOLS=/nix/store/aj866hr8fad8flnggwdhrldm0g799ccz-iana-etc-20210225/etc/protocols ``` -Nixpkg's version of [glibc](https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/glibc/default.nix) has been patched to check for the existence of these environment variables. If the environment variable are *not set*, then it will attempt to find the files at the default location within _/etc_. +Nixpkg's version of [glibc](https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/glibc/default.nix) has been patched to check for the existence of these environment variables. If the environment variables are *not* set, then it will attempt to find the files at the default location within `/etc`. diff --git a/nixpkgs/doc/builders/packages/firefox.section.md b/nixpkgs/doc/builders/packages/firefox.section.md index d6426981da7d..0dd786a599d0 100644 --- a/nixpkgs/doc/builders/packages/firefox.section.md +++ b/nixpkgs/doc/builders/packages/firefox.section.md @@ -2,7 +2,7 @@ ## Build wrapped Firefox with extensions and policies {#build-wrapped-firefox-with-extensions-and-policies} -The `wrapFirefox` function allows to pass policies, preferences and extension that are available to Firefox. With the help of `fetchFirefoxAddon` this allows build a Firefox version that already comes with addons pre-installed: +The `wrapFirefox` function allows to pass policies, preferences and extensions that are available to Firefox. With the help of `fetchFirefoxAddon` this allows to build a Firefox version that already comes with add-ons pre-installed: ```nix { @@ -26,10 +26,14 @@ The `wrapFirefox` function allows to pass policies, preferences and extension th Pocket = false; Snippets = false; }; - UserMessaging = { - ExtensionRecommendations = false; - SkipOnboarding = true; - }; + UserMessaging = { + ExtensionRecommendations = false; + SkipOnboarding = true; + }; + SecurityDevices = { + # Use a proxy module rather than `nixpkgs.config.firefox.smartcardSupport = true` + "PKCS#11 Proxy Module" = "${pkgs.p11-kit}/lib/p11-kit-proxy.so"; + }; }; extraPrefs = '' @@ -40,13 +44,12 @@ The `wrapFirefox` function allows to pass policies, preferences and extension th } ``` -If `nixExtensions != null` then all manually installed addons will be uninstalled from your browser profile. -To view available enterprise policies visit [enterprise policies](https://github.com/mozilla/policy-templates#enterprisepoliciesenabled) -or type into the Firefox url bar: `about:policies#documentation`. -Nix installed addons do not have a valid signature, which is why signature verification is disabled. This does not compromise security because downloaded addons are checksumed and manual addons can't be installed. Also make sure that the `name` field of fetchFirefoxAddon is unique. If you remove an addon from the nixExtensions array, rebuild and start Firefox the removed addon will be completly removed with all of its settings. +If `nixExtensions != null`, then all manually installed add-ons will be uninstalled from your browser profile. +To view available enterprise policies, visit [enterprise policies](https://github.com/mozilla/policy-templates#enterprisepoliciesenabled) +or type into the Firefox URL bar: `about:policies#documentation`. +Nix installed add-ons do not have a valid signature, which is why signature verification is disabled. This does not compromise security because downloaded add-ons are checksummed and manual add-ons can't be installed. Also, make sure that the `name` field of `fetchFirefoxAddon` is unique. If you remove an add-on from the `nixExtensions` array, rebuild and start Firefox: the removed add-on will be completely removed with all of its settings. ## Troubleshooting {#sec-firefox-troubleshooting} -If addons are marked as broken or the signature is invalid, make sure you have Firefox ESR installed. Normal Firefox does not provide the ability anymore to disable signature verification for addons thus nix addons get disabled by the normal Firefox binary. - -If addons do not appear installed although they have been defined in your nix configuration file reset the local addon state of your Firefox profile by clicking `help -> restart with addons disabled -> restart -> refresh firefox`. This can happen if you switch from manual addon mode to nix addon mode and then back to manual mode and then again to nix addon mode. +If add-ons are marked as broken or the signature is invalid, make sure you have Firefox ESR installed. Normal Firefox does not provide the ability anymore to disable signature verification for add-ons thus nix add-ons get disabled by the normal Firefox binary. +If add-ons do not appear installed despite being defined in your nix configuration file, reset the local add-on state of your Firefox profile by clicking `Help -> More Troubleshooting Information -> Refresh Firefox`. This can happen if you switch from manual add-on mode to nix add-on mode and then back to manual mode and then again to nix add-on mode. diff --git a/nixpkgs/doc/builders/packages/fish.section.md b/nixpkgs/doc/builders/packages/fish.section.md index 3086bd68348f..85b57acd1090 100644 --- a/nixpkgs/doc/builders/packages/fish.section.md +++ b/nixpkgs/doc/builders/packages/fish.section.md @@ -36,7 +36,7 @@ using `buildFishPlugin` and running unit tests with the `fishtape` test runner. ## Fish wrapper {#sec-fish-wrapper} The `wrapFish` package is a wrapper around Fish which can be used to create -Fish shells initialised with some plugins as well as completions, configuration +Fish shells initialized with some plugins as well as completions, configuration snippets and functions sourced from the given paths. This provides a convenient way to test Fish plugins and scripts without having to alter the environment. diff --git a/nixpkgs/doc/builders/packages/fuse.section.md b/nixpkgs/doc/builders/packages/fuse.section.md index eb0023fcbc3e..6deea6b5626e 100644 --- a/nixpkgs/doc/builders/packages/fuse.section.md +++ b/nixpkgs/doc/builders/packages/fuse.section.md @@ -24,10 +24,10 @@ packages on macOS: checking for fuse.h... no configure: error: No fuse.h found. -This happens on autoconf based projects that uses `AC_CHECK_HEADERS` or +This happens on autoconf based projects that use `AC_CHECK_HEADERS` or `AC_CHECK_LIBS` to detect libfuse, and will occur even when the `fuse` package is included in `buildInputs`. It happens because libfuse headers throw an error -on macOS if the `FUSE_USE_VERSION` macro is undefined. Many proejcts do define +on macOS if the `FUSE_USE_VERSION` macro is undefined. Many projects do define `FUSE_USE_VERSION`, but only inside C source files. This results in the above error at configure time because the configure script would attempt to compile sample FUSE programs without defining `FUSE_USE_VERSION`. diff --git a/nixpkgs/doc/builders/packages/ibus.section.md b/nixpkgs/doc/builders/packages/ibus.section.md index 2ce85467bb86..1b09d3fbbab9 100644 --- a/nixpkgs/doc/builders/packages/ibus.section.md +++ b/nixpkgs/doc/builders/packages/ibus.section.md @@ -6,7 +6,7 @@ This package is an ibus-based completion method to speed up typing. IBus needs to be configured accordingly to activate `typing-booster`. The configuration depends on the desktop manager in use. For detailed instructions, please refer to the [upstream docs](https://mike-fabian.github.io/ibus-typing-booster/documentation.html). -On NixOS you need to explicitly enable `ibus` with given engines before customizing your desktop to use `typing-booster`. This can be achieved using the `ibus` module: +On NixOS, you need to explicitly enable `ibus` with given engines before customizing your desktop to use `typing-booster`. This can be achieved using the `ibus` module: ```nix { pkgs, ... }: { @@ -19,7 +19,7 @@ On NixOS you need to explicitly enable `ibus` with given engines before customiz ## Using custom hunspell dictionaries {#sec-ibus-typing-booster-customize-hunspell} -The IBus engine is based on `hunspell` to support completion in many languages. By default the dictionaries `de-de`, `en-us`, `fr-moderne` `es-es`, `it-it`, `sv-se` and `sv-fi` are in use. To add another dictionary, the package can be overridden like this: +The IBus engine is based on `hunspell` to support completion in many languages. By default, the dictionaries `de-de`, `en-us`, `fr-moderne` `es-es`, `it-it`, `sv-se` and `sv-fi` are in use. To add another dictionary, the package can be overridden like this: ```nix ibus-engines.typing-booster.override { langs = [ "de-at" "en-gb" ]; } @@ -31,7 +31,7 @@ _Note: each language passed to `langs` must be an attribute name in `pkgs.hunspe The `ibus-engines.typing-booster` package contains a program named `emoji-picker`. To display all emojis correctly, a special font such as `noto-fonts-emoji` is needed: -On NixOS it can be installed using the following expression: +On NixOS, it can be installed using the following expression: ```nix { pkgs, ... }: { fonts.fonts = with pkgs; [ noto-fonts-emoji ]; } diff --git a/nixpkgs/doc/builders/packages/linux.section.md b/nixpkgs/doc/builders/packages/linux.section.md index f669c720710c..b64da85791a0 100644 --- a/nixpkgs/doc/builders/packages/linux.section.md +++ b/nixpkgs/doc/builders/packages/linux.section.md @@ -4,7 +4,7 @@ The Nix expressions to build the Linux kernel are in [`pkgs/os-specific/linux/ke The function that builds the kernel has an argument `kernelPatches` which should be a list of `{name, patch, extraConfig}` attribute sets, where `name` is the name of the patch (which is included in the kernel’s `meta.description` attribute), `patch` is the patch itself (possibly compressed), and `extraConfig` (optional) is a string specifying extra options to be concatenated to the kernel configuration file (`.config`). -The kernel derivation exports an attribute `features` specifying whether optional functionality is or isn’t enabled. This is used in NixOS to implement kernel-specific behaviour. For instance, if the kernel has the `iwlwifi` feature (i.e. has built-in support for Intel wireless chipsets), then NixOS doesn’t have to build the external `iwlwifi` package: +The kernel derivation exports an attribute `features` specifying whether optional functionality is or isn’t enabled. This is used in NixOS to implement kernel-specific behaviour. For instance, if the kernel has the `iwlwifi` feature (i.e., has built-in support for Intel wireless chipsets), then NixOS doesn’t have to build the external `iwlwifi` package: ```nix modulesTree = [kernel] @@ -14,19 +14,19 @@ modulesTree = [kernel] How to add a new (major) version of the Linux kernel to Nixpkgs: -1. Copy the old Nix expression (e.g. `linux-2.6.21.nix`) to the new one (e.g. `linux-2.6.22.nix`) and update it. +1. Copy the old Nix expression (e.g., `linux-2.6.21.nix`) to the new one (e.g., `linux-2.6.22.nix`) and update it. 2. Add the new kernel to the `kernels` attribute set in `linux-kernels.nix` (e.g., create an attribute `kernel_2_6_22`). 3. Now we’re going to update the kernel configuration. First unpack the kernel. Then for each supported platform (`i686`, `x86_64`, `uml`) do the following: - 1. Make an copy from the old config (e.g. `config-2.6.21-i686-smp`) to the new one (e.g. `config-2.6.22-i686-smp`). + 1. Make a copy from the old config (e.g., `config-2.6.21-i686-smp`) to the new one (e.g., `config-2.6.22-i686-smp`). - 2. Copy the config file for this platform (e.g. `config-2.6.22-i686-smp`) to `.config` in the kernel source tree. + 2. Copy the config file for this platform (e.g., `config-2.6.22-i686-smp`) to `.config` in the kernel source tree. - 3. Run `make oldconfig ARCH={i386,x86_64,um}` and answer all questions. (For the uml configuration, also add `SHELL=bash`.) Make sure to keep the configuration consistent between platforms (i.e. don’t enable some feature on `i686` and disable it on `x86_64`). + 3. Run `make oldconfig ARCH={i386,x86_64,um}` and answer all questions. (For the uml configuration, also add `SHELL=bash`.) Make sure to keep the configuration consistent between platforms (i.e., don’t enable some feature on `i686` and disable it on `x86_64`). - 4. If needed you can also run `make menuconfig`: + 4. If needed, you can also run `make menuconfig`: ```ShellSession $ nix-env -f "<nixpkgs>" -iA ncurses @@ -34,7 +34,7 @@ How to add a new (major) version of the Linux kernel to Nixpkgs: $ make menuconfig ARCH=arch ``` - 5. Copy `.config` over the new config file (e.g. `config-2.6.22-i686-smp`). + 5. Copy `.config` over the new config file (e.g., `config-2.6.22-i686-smp`). 4. Test building the kernel: `nix-build -A linuxKernel.kernels.kernel_2_6_22`. If it compiles, ship it! For extra credit, try booting NixOS with it. diff --git a/nixpkgs/doc/builders/packages/locales.section.md b/nixpkgs/doc/builders/packages/locales.section.md index e5a037004818..3a983f13a396 100644 --- a/nixpkgs/doc/builders/packages/locales.section.md +++ b/nixpkgs/doc/builders/packages/locales.section.md @@ -1,5 +1,5 @@ # Locales {#locales} -To allow simultaneous use of packages linked against different versions of `glibc` with different locale archive formats Nixpkgs patches `glibc` to rely on `LOCALE_ARCHIVE` environment variable. +To allow simultaneous use of packages linked against different versions of `glibc` with different locale archive formats, Nixpkgs patches `glibc` to rely on `LOCALE_ARCHIVE` environment variable. -On non-NixOS distributions this variable is obviously not set. This can cause regressions in language support or even crashes in some Nixpkgs-provided programs. The simplest way to mitigate this problem is exporting the `LOCALE_ARCHIVE` variable pointing to `${glibcLocales}/lib/locale/locale-archive`. The drawback (and the reason this is not the default) is the relatively large (a hundred MiB) size of the full set of locales. It is possible to build a custom set of locales by overriding parameters `allLocales` and `locales` of the package. +On non-NixOS distributions, this variable is obviously not set. This can cause regressions in language support or even crashes in some Nixpkgs-provided programs. The simplest way to mitigate this problem is exporting the `LOCALE_ARCHIVE` variable pointing to `${glibcLocales}/lib/locale/locale-archive`. The drawback (and the reason this is not the default) is the relatively large (a hundred MiB) size of the full set of locales. It is possible to build a custom set of locales by overriding parameters `allLocales` and `locales` of the package. diff --git a/nixpkgs/doc/builders/packages/nginx.section.md b/nixpkgs/doc/builders/packages/nginx.section.md index 154c21f9b369..0704b534e5f7 100644 --- a/nixpkgs/doc/builders/packages/nginx.section.md +++ b/nixpkgs/doc/builders/packages/nginx.section.md @@ -4,8 +4,8 @@ ## ETags on static files served from the Nix store {#sec-nginx-etag} -HTTP has a couple different mechanisms for caching to prevent clients from having to download the same content repeatedly if a resource has not changed since the last time it was requested. When nginx is used as a server for static files, it implements the caching mechanism based on the [`Last-Modified`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Last-Modified) response header automatically; unfortunately, it works by using filesystem timestamps to determine the value of the `Last-Modified` header. This doesn't give the desired behavior when the file is in the Nix store, because all file timestamps are set to 0 (for reasons related to build reproducibility). +HTTP has a couple of different mechanisms for caching to prevent clients from having to download the same content repeatedly if a resource has not changed since the last time it was requested. When nginx is used as a server for static files, it implements the caching mechanism based on the [`Last-Modified`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Last-Modified) response header automatically; unfortunately, it works by using filesystem timestamps to determine the value of the `Last-Modified` header. This doesn't give the desired behavior when the file is in the Nix store because all file timestamps are set to 0 (for reasons related to build reproducibility). -Fortunately, HTTP supports an alternative (and more effective) caching mechanism: the [`ETag`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag) response header. The value of the `ETag` header specifies some identifier for the particular content that the server is sending (e.g. a hash). When a client makes a second request for the same resource, it sends that value back in an `If-None-Match` header. If the ETag value is unchanged, then the server does not need to resend the content. +Fortunately, HTTP supports an alternative (and more effective) caching mechanism: the [`ETag`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag) response header. The value of the `ETag` header specifies some identifier for the particular content that the server is sending (e.g., a hash). When a client makes a second request for the same resource, it sends that value back in an `If-None-Match` header. If the ETag value is unchanged, then the server does not need to resend the content. As of NixOS 19.09, the nginx package in Nixpkgs is patched such that when nginx serves a file out of `/nix/store`, the hash in the store path is used as the `ETag` header in the HTTP response, thus providing proper caching functionality. This happens automatically; you do not need to do modify any configuration to get this behavior. diff --git a/nixpkgs/doc/builders/packages/opengl.section.md b/nixpkgs/doc/builders/packages/opengl.section.md index ee7f3af98cfc..f4d282267a07 100644 --- a/nixpkgs/doc/builders/packages/opengl.section.md +++ b/nixpkgs/doc/builders/packages/opengl.section.md @@ -12,4 +12,4 @@ The NixOS desktop or other non-headless configurations are the primary target fo If you are using a non-NixOS GNU/Linux/X11 desktop with free software video drivers, consider launching OpenGL-dependent programs from Nixpkgs with Nixpkgs versions of `libglvnd` and `mesa.drivers` in `LD_LIBRARY_PATH`. For Mesa drivers, the Linux kernel version doesn't have to match nixpkgs. -For proprietary video drivers you might have luck with also adding the corresponding video driver package. +For proprietary video drivers, you might have luck with also adding the corresponding video driver package. diff --git a/nixpkgs/doc/builders/packages/shell-helpers.section.md b/nixpkgs/doc/builders/packages/shell-helpers.section.md index 57b8619c5007..e7c2b0abebfc 100644 --- a/nixpkgs/doc/builders/packages/shell-helpers.section.md +++ b/nixpkgs/doc/builders/packages/shell-helpers.section.md @@ -4,7 +4,7 @@ Some packages provide the shell integration to be more useful. But unlike other - `fzf` : `fzf-share` -E.g. `fzf` can then used in the `.bashrc` like this: +E.g. `fzf` can then be used in the `.bashrc` like this: ```bash source "$(fzf-share)/completion.bash" diff --git a/nixpkgs/doc/builders/packages/steam.section.md b/nixpkgs/doc/builders/packages/steam.section.md index 3ce33c9b60ef..25728aa52aef 100644 --- a/nixpkgs/doc/builders/packages/steam.section.md +++ b/nixpkgs/doc/builders/packages/steam.section.md @@ -2,20 +2,20 @@ ## Steam in Nix {#sec-steam-nix} -Steam is distributed as a `.deb` file, for now only as an i686 package (the amd64 package only has documentation). When unpacked, it has a script called `steam` that in Ubuntu (their target distro) would go to `/usr/bin`. When run for the first time, this script copies some files to the user's home, which include another script that is the ultimate responsible for launching the steam binary, which is also in \$HOME. +Steam is distributed as a `.deb` file, for now only as an i686 package (the amd64 package only has documentation). When unpacked, it has a script called `steam` that in Ubuntu (their target distro) would go to `/usr/bin`. When run for the first time, this script copies some files to the user's home, which include another script that is the ultimate responsible for launching the steam binary, which is also in `$HOME`. Nix problems and constraints: -- We don't have `/bin/bash` and many scripts point there. Similarly for `/usr/bin/python`. +- We don't have `/bin/bash` and many scripts point there. Same thing for `/usr/bin/python`. - We don't have the dynamic loader in `/lib`. -- The `steam.sh` script in \$HOME can not be patched, as it is checked and rewritten by steam. +- The `steam.sh` script in `$HOME` cannot be patched, as it is checked and rewritten by steam. - The steam binary cannot be patched, it's also checked. The current approach to deploy Steam in NixOS is composing a FHS-compatible chroot environment, as documented [here](http://sandervanderburg.blogspot.nl/2013/09/composing-fhs-compatible-chroot.html). This allows us to have binaries in the expected paths without disrupting the system, and to avoid patching them to work in a non FHS environment. ## How to play {#sec-steam-play} -Use `programs.steam.enable = true;` if you want to add steam to systemPackages and also enable a few workarrounds aswell as Steam controller support or other Steam supported controllers such as the DualShock 4 or Nintendo Switch Pr. +Use `programs.steam.enable = true;` if you want to add steam to `systemPackages` and also enable a few workarounds as well as Steam controller support or other Steam supported controllers such as the DualShock 4 or Nintendo Switch Pro Controller. ## Troubleshooting {#sec-steam-troub} @@ -32,7 +32,7 @@ Use `programs.steam.enable = true;` if you want to add steam to systemPackages a - **Using the FOSS Radeon or nouveau (nvidia) drivers** - The `newStdcpp` parameter was removed since NixOS 17.09 and should not be needed anymore. - - Steam ships statically linked with a version of libcrypto that conflics with the one dynamically loaded by radeonsi_dri.so. If you get the error + - Steam ships statically linked with a version of `libcrypto` that conflicts with the one dynamically loaded by radeonsi_dri.so. If you get the error: ``` steam.sh: line 713: 7842 Segmentation fault (core dumped) @@ -42,13 +42,13 @@ Use `programs.steam.enable = true;` if you want to add steam to systemPackages a - **Java** - 1. There is no java in steam chrootenv by default. If you get a message like + 1. There is no java in steam chrootenv by default. If you get a message like: ``` /home/foo/.local/share/Steam/SteamApps/common/towns/towns.sh: line 1: java: command not found ``` - you need to add + you need to add: ```nix steam.override { withJava = true; }; @@ -56,7 +56,7 @@ Use `programs.steam.enable = true;` if you want to add steam to systemPackages a ## steam-run {#sec-steam-run} -The FHS-compatible chroot used for Steam can also be used to run other Linux games that expect a FHS environment. To use it, install the `steam-run` package and run the game with +The FHS-compatible chroot used for Steam can also be used to run other Linux games that expect a FHS environment. To use it, install the `steam-run` package and run the game with: ``` steam-run ./foo diff --git a/nixpkgs/doc/builders/packages/unfree.xml b/nixpkgs/doc/builders/packages/unfree.xml deleted file mode 100644 index 3d4f199f8fb0..000000000000 --- a/nixpkgs/doc/builders/packages/unfree.xml +++ /dev/null @@ -1,13 +0,0 @@ -<section xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" - xml:id="unfree-software"> - <title>Unfree software</title> - - <para> - All users of Nixpkgs are free software users, and many users (and developers) of Nixpkgs want to limit and tightly control their exposure to unfree software. At the same time, many users need (or want) to run some specific pieces of proprietary software. Nixpkgs includes some expressions for unfree software packages. By default unfree software cannot be installed and doesn’t show up in searches. To allow installing unfree software in a single Nix invocation one can export <literal>NIXPKGS_ALLOW_UNFREE=1</literal>. For a persistent solution, users can set <literal>allowUnfree</literal> in the Nixpkgs configuration. - </para> - - <para> - Fine-grained control is possible by defining <literal>allowUnfreePredicate</literal> function in config; it takes the <literal>mkDerivation</literal> parameter attrset and returns <literal>true</literal> for unfree packages that should be allowed. - </para> -</section> diff --git a/nixpkgs/doc/builders/packages/urxvt.section.md b/nixpkgs/doc/builders/packages/urxvt.section.md index 2d1196d92278..507feaa6fd86 100644 --- a/nixpkgs/doc/builders/packages/urxvt.section.md +++ b/nixpkgs/doc/builders/packages/urxvt.section.md @@ -4,7 +4,7 @@ Urxvt, also known as rxvt-unicode, is a highly customizable terminal emulator. ## Configuring urxvt {#sec-urxvt-conf} -In `nixpkgs`, urxvt is provided by the package `rxvt-unicode`. It can be configured to include your choice of plugins, reducing its closure size from the default configuration which includes all available plugins. To make use of this functionality, use an overlay or directly install an expression that overrides its configuration, such as +In `nixpkgs`, urxvt is provided by the package `rxvt-unicode`. It can be configured to include your choice of plugins, reducing its closure size from the default configuration which includes all available plugins. To make use of this functionality, use an overlay or directly install an expression that overrides its configuration, such as: ```nix rxvt-unicode.override { @@ -58,14 +58,14 @@ rxvt-unicode.override { ## Packaging urxvt plugins {#sec-urxvt-pkg} -Urxvt plugins resides in `pkgs/applications/misc/rxvt-unicode-plugins`. To add a new plugin create an expression in a subdirectory and add the package to the set in `pkgs/applications/misc/rxvt-unicode-plugins/default.nix`. +Urxvt plugins resides in `pkgs/applications/misc/rxvt-unicode-plugins`. To add a new plugin, create an expression in a subdirectory and add the package to the set in `pkgs/applications/misc/rxvt-unicode-plugins/default.nix`. A plugin can be any kind of derivation, the only requirement is that it should always install perl scripts in `$out/lib/urxvt/perl`. Look for existing plugins for examples. -If the plugin is itself a perl package that needs to be imported from other plugins or scripts, add the following passthrough: +If the plugin is itself a Perl package that needs to be imported from other plugins or scripts, add the following passthrough: ```nix passthru.perlPackages = [ "self" ]; ``` -This will make the urxvt wrapper pick up the dependency and set up the perl path accordingly. +This will make the urxvt wrapper pick up the dependency and set up the Perl path accordingly. diff --git a/nixpkgs/doc/builders/packages/weechat.section.md b/nixpkgs/doc/builders/packages/weechat.section.md index e4e956b908ed..767cc604ab45 100644 --- a/nixpkgs/doc/builders/packages/weechat.section.md +++ b/nixpkgs/doc/builders/packages/weechat.section.md @@ -1,6 +1,6 @@ -# Weechat {#sec-weechat} +# WeeChat {#sec-weechat} -Weechat can be configured to include your choice of plugins, reducing its closure size from the default configuration which includes all available plugins. To make use of this functionality, install an expression that overrides its configuration such as +WeeChat can be configured to include your choice of plugins, reducing its closure size from the default configuration which includes all available plugins. To make use of this functionality, install an expression that overrides its configuration, such as: ```nix weechat.override {configure = {availablePlugins, ...}: { @@ -13,7 +13,7 @@ If the `configure` function returns an attrset without the `plugins` attribute, The plugins currently available are `python`, `perl`, `ruby`, `guile`, `tcl` and `lua`. -The python and perl plugins allows the addition of extra libraries. For instance, the `inotify.py` script in `weechat-scripts` requires D-Bus or libnotify, and the `fish.py` script requires `pycrypto`. To use these scripts, use the plugin's `withPackages` attribute: +The Python and Perl plugins allows the addition of extra libraries. For instance, the `inotify.py` script in `weechat-scripts` requires D-Bus or libnotify, and the `fish.py` script requires `pycrypto`. To use these scripts, use the plugin's `withPackages` attribute: ```nix weechat.override { configure = {availablePlugins, ...}: { @@ -49,7 +49,7 @@ weechat.override { Further values can be added to the list of commands when running `weechat --run-command "your-commands"`. -Additionally it's possible to specify scripts to be loaded when starting `weechat`. These will be loaded before the commands from `init`: +Additionally, it's possible to specify scripts to be loaded when starting `weechat`. These will be loaded before the commands from `init`: ```nix weechat.override { @@ -64,7 +64,7 @@ weechat.override { } ``` -In `nixpkgs` there's a subpackage which contains derivations for WeeChat scripts. Such derivations expect a `passthru.scripts` attribute which contains a list of all scripts inside the store path. Furthermore all scripts have to live in `$out/share`. An exemplary derivation looks like this: +In `nixpkgs` there's a subpackage which contains derivations for WeeChat scripts. Such derivations expect a `passthru.scripts` attribute, which contains a list of all scripts inside the store path. Furthermore, all scripts have to live in `$out/share`. An exemplary derivation looks like this: ```nix { stdenv, fetchurl }: diff --git a/nixpkgs/doc/builders/special.xml b/nixpkgs/doc/builders/special.xml index 2f84599cdd4f..8902ce5c8132 100644 --- a/nixpkgs/doc/builders/special.xml +++ b/nixpkgs/doc/builders/special.xml @@ -7,5 +7,4 @@ </para> <xi:include href="special/fhs-environments.section.xml" /> <xi:include href="special/mkshell.section.xml" /> - <xi:include href="special/invalidateFetcherByDrvHash.section.xml" /> </chapter> diff --git a/nixpkgs/doc/builders/special/invalidateFetcherByDrvHash.section.md b/nixpkgs/doc/builders/special/invalidateFetcherByDrvHash.section.md deleted file mode 100644 index 7c2f03a64b7b..000000000000 --- a/nixpkgs/doc/builders/special/invalidateFetcherByDrvHash.section.md +++ /dev/null @@ -1,31 +0,0 @@ - -## `invalidateFetcherByDrvHash` {#sec-pkgs-invalidateFetcherByDrvHash} - -Use the derivation hash to invalidate the output via name, for testing. - -Type: `(a@{ name, ... } -> Derivation) -> a -> Derivation` - -Normally, fixed output derivations can and should be cached by their output -hash only, but for testing we want to re-fetch everytime the fetcher changes. - -Changes to the fetcher become apparent in the drvPath, which is a hash of -how to fetch, rather than a fixed store path. -By inserting this hash into the name, we can make sure to re-run the fetcher -every time the fetcher changes. - -This relies on the assumption that Nix isn't clever enough to reuse its -database of local store contents to optimize fetching. - -You might notice that the "salted" name derives from the normal invocation, -not the final derivation. `invalidateFetcherByDrvHash` has to invoke the fetcher -function twice: once to get a derivation hash, and again to produce the final -fixed output derivation. - -Example: - - tests.fetchgit = invalidateFetcherByDrvHash fetchgit { - name = "nix-source"; - url = "https://github.com/NixOS/nix"; - rev = "9d9dbe6ed05854e03811c361a3380e09183f4f4a"; - sha256 = "sha256-7DszvbCNTjpzGRmpIVAWXk20P0/XTrWZ79KSOGLrUWY="; - }; diff --git a/nixpkgs/doc/builders/testers.chapter.md b/nixpkgs/doc/builders/testers.chapter.md new file mode 100644 index 000000000000..c6fb71de0180 --- /dev/null +++ b/nixpkgs/doc/builders/testers.chapter.md @@ -0,0 +1,128 @@ +# Testers {#chap-testers} +This chapter describes several testing builders which are available in the <literal>testers</literal> namespace. + +## `testVersion` {#tester-testVersion} + +Checks the command output contains the specified version + +Although simplistic, this test assures that the main program +can run. While there's no substitute for a real test case, +it does catch dynamic linking errors and such. It also provides +some protection against accidentally building the wrong version, +for example when using an 'old' hash in a fixed-output derivation. + +Examples: + +```nix +passthru.tests.version = testVersion { package = hello; }; + +passthru.tests.version = testVersion { + package = seaweedfs; + command = "weed version"; +}; + +passthru.tests.version = testVersion { + package = key; + command = "KeY --help"; + # Wrong '2.5' version in the code. Drop on next version. + version = "2.5"; +}; +``` + +## `testEqualDerivation` {#tester-testEqualDerivation} + +Checks that two packages produce the exact same build instructions. + +This can be used to make sure that a certain difference of configuration, +such as the presence of an overlay does not cause a cache miss. + +When the derivations are equal, the return value is an empty file. +Otherwise, the build log explains the difference via `nix-diff`. + +Example: + +```nix +testEqualDerivation + "The hello package must stay the same when enabling checks." + hello + (hello.overrideAttrs(o: { doCheck = true; })) +``` + +## `invalidateFetcherByDrvHash` {#tester-invalidateFetcherByDrvHash} + +Use the derivation hash to invalidate the output via name, for testing. + +Type: `(a@{ name, ... } -> Derivation) -> a -> Derivation` + +Normally, fixed output derivations can and should be cached by their output +hash only, but for testing we want to re-fetch everytime the fetcher changes. + +Changes to the fetcher become apparent in the drvPath, which is a hash of +how to fetch, rather than a fixed store path. +By inserting this hash into the name, we can make sure to re-run the fetcher +every time the fetcher changes. + +This relies on the assumption that Nix isn't clever enough to reuse its +database of local store contents to optimize fetching. + +You might notice that the "salted" name derives from the normal invocation, +not the final derivation. `invalidateFetcherByDrvHash` has to invoke the fetcher +function twice: once to get a derivation hash, and again to produce the final +fixed output derivation. + +Example: + +```nix +tests.fetchgit = invalidateFetcherByDrvHash fetchgit { + name = "nix-source"; + url = "https://github.com/NixOS/nix"; + rev = "9d9dbe6ed05854e03811c361a3380e09183f4f4a"; + sha256 = "sha256-7DszvbCNTjpzGRmpIVAWXk20P0/XTrWZ79KSOGLrUWY="; +}; +``` + +## `nixosTest` {#tester-nixosTest} + +Run a NixOS VM network test using this evaluation of Nixpkgs. + +NOTE: This function is primarily for external use. NixOS itself uses `make-test-python.nix` directly. Packages defined in Nixpkgs [reuse NixOS tests via `nixosTests`, plural](#ssec-nixos-tests-linking). + +It is mostly equivalent to the function `import ./make-test-python.nix` from the +[NixOS manual](https://nixos.org/nixos/manual/index.html#sec-nixos-tests), +except that the current application of Nixpkgs (`pkgs`) will be used, instead of +letting NixOS invoke Nixpkgs anew. + +If a test machine needs to set NixOS options under `nixpkgs`, it must set only the +`nixpkgs.pkgs` option. + +### Parameter + +A [NixOS VM test network](https://nixos.org/nixos/manual/index.html#sec-nixos-tests), or path to it. Example: + +```nix +{ + name = "my-test"; + nodes = { + machine1 = { lib, pkgs, nodes, ... }: { + environment.systemPackages = [ pkgs.hello ]; + services.foo.enable = true; + }; + # machine2 = ...; + }; + testScript = '' + start_all() + machine1.wait_for_unit("foo.service") + machine1.succeed("hello | foo-send") + ''; +} +``` + +### Result + +A derivation that runs the VM test. + +Notable attributes: + + * `nodes`: the evaluated NixOS configurations. Useful for debugging and exploring the configuration. + + * `driverInteractive`: a script that launches an interactive Python session in the context of the `testScript`. diff --git a/nixpkgs/doc/builders/trivial-builders.chapter.md b/nixpkgs/doc/builders/trivial-builders.chapter.md index 779a0a801b4e..c05511785bf5 100644 --- a/nixpkgs/doc/builders/trivial-builders.chapter.md +++ b/nixpkgs/doc/builders/trivial-builders.chapter.md @@ -35,10 +35,10 @@ This works just like `runCommand`. The only difference is that it also provides ## `runCommandLocal` {#trivial-builder-runCommandLocal} -Variant of `runCommand` that forces the derivation to be built locally, it is not substituted. This is intended for very cheap commands (<1s execution time). It saves on the network roundrip and can speed up a build. +Variant of `runCommand` that forces the derivation to be built locally, it is not substituted. This is intended for very cheap commands (<1s execution time). It saves on the network round-trip and can speed up a build. ::: {.note} -This sets [`allowSubstitutes` to `false`](https://nixos.org/nix/manual/#adv-attr-allowSubstitutes), so only use `runCommandLocal` if you are certain the user will always have a builder for the `system` of the derivation. This should be true for most trivial use cases (e.g. just copying some files to a different location or adding symlinks), because there the `system` is usually the same as `builtins.currentSystem`. +This sets [`allowSubstitutes` to `false`](https://nixos.org/nix/manual/#adv-attr-allowSubstitutes), so only use `runCommandLocal` if you are certain the user will always have a builder for the `system` of the derivation. This should be true for most trivial use cases (e.g., just copying some files to a different location or adding symlinks) because there the `system` is usually the same as `builtins.currentSystem`. ::: ## `writeTextFile`, `writeText`, `writeTextDir`, `writeScript`, `writeScriptBin` {#trivial-builder-writeText} @@ -219,5 +219,5 @@ produces an output path `/nix/store/<hash>-runtime-references` containing /nix/store/<hash>-hello-2.10 ``` -but none of `hello`'s dependencies, because those are not referenced directly +but none of `hello`'s dependencies because those are not referenced directly by `hi`'s output. diff --git a/nixpkgs/doc/contributing/coding-conventions.chapter.md b/nixpkgs/doc/contributing/coding-conventions.chapter.md index dac6d828ac0b..6473fa151a43 100644 --- a/nixpkgs/doc/contributing/coding-conventions.chapter.md +++ b/nixpkgs/doc/contributing/coding-conventions.chapter.md @@ -214,15 +214,15 @@ Most of the time, these are the same. For instance, the package `e2fsprogs` has There are a few naming guidelines: -- The `name` attribute _should_ be identical to the upstream package name. +- The `pname` attribute _should_ be identical to the upstream package name. -- The `name` attribute _must not_ contain uppercase letters — e.g., `"mplayer-1.0rc2"` instead of `"MPlayer-1.0rc2"`. +- The `pname` and the `version` attribute _must not_ contain uppercase letters — e.g., `"mplayer" instead of `"MPlayer"`. -- The version part of the `name` attribute _must_ start with a digit (following a dash) — e.g., `"hello-0.3.1rc2"`. +- The `version` attribute _must_ start with a digit e.g`"0.3.1rc2". -- If a package is not a release but a commit from a repository, then the version part of the name _must_ be the date of that (fetched) commit. The date _must_ be in `"YYYY-MM-DD"` format. Also append `"unstable"` to the name - e.g., `"pkgname-unstable-2014-09-23"`. +- If a package is not a release but a commit from a repository, then the `version` attribute _must_ be the date of that (fetched) commit. The date _must_ be in `"unstable-YYYY-MM-DD"` format. -- Dashes in the package name _should_ be preserved in new variable names, rather than converted to underscores or camel cased — e.g., `http-parser` instead of `http_parser` or `httpParser`. The hyphenated style is preferred in all three package names. +- Dashes in the package `pname` _should_ be preserved in new variable names, rather than converted to underscores or camel cased — e.g., `http-parser` instead of `http_parser` or `httpParser`. The hyphenated style is preferred in all three package names. - If there are multiple versions of a package, this _should_ be reflected in the variable names in `all-packages.nix`, e.g. `json-c_0_9` and `json-c_0_11`. If there is an obvious “default” version, make an attribute like `json-c = json-c_0_9;`. See also [](#sec-versioning) @@ -338,6 +338,10 @@ A (typically large) program with a distinct user interface, primarily used inter - `applications/terminal-emulators` (e.g. `alacritty` or `rxvt` or `termite`) +- **If it’s a _file manager_:** + + - `applications/file-managers` (e.g. `mc` or `ranger` or `pcmanfm`) + - **If it’s for _video playback / editing_:** - `applications/video` (e.g. `vlc`) @@ -449,7 +453,7 @@ In the file `pkgs/top-level/all-packages.nix` you can find fetch helpers, these } ``` - Find the value to put as `sha256` by running `nix run -f '<nixpkgs>' nix-prefetch-github -c nix-prefetch-github --rev 1f795f9f44607cc5bec70d1300150bfefcef2aae NixOS nix` or `nix-prefetch-url --unpack https://github.com/NixOS/nix/archive/1f795f9f44607cc5bec70d1300150bfefcef2aae.tar.gz`. +Find the value to put as `sha256` by running `nix-shell -p nix-prefetch-github --run "nix-prefetch-github --rev 1f795f9f44607cc5bec70d1300150bfefcef2aae NixOS nix"`. ## Obtaining source hash {#sec-source-hashes} @@ -511,6 +515,8 @@ patches = [ Otherwise, you can add a `.patch` file to the `nixpkgs` repository. In the interest of keeping our maintenance burden to a minimum, only patches that are unique to `nixpkgs` should be added in this way. +If a patch is available online but does not cleanly apply, it can be modified in some fixed ways by using additional optional arguments for `fetchpatch`. Check [](#fetchpatch) for details. + ```nix patches = [ ./0001-changes.patch ]; ``` @@ -538,17 +544,6 @@ If you do need to do create this sort of patch file, one way to do so is with gi $ git diff -a > nixpkgs/pkgs/the/package/0001-changes.patch ``` -If a patch is available online but does not cleanly apply, it can be modified in some fixed ways by using additional optional arguments for `fetchpatch`: - -- `relative`: Similar to using `git-diff`'s `--relative` flag, only keep changes inside the specified directory, making paths relative to it. -- `stripLen`: Remove the first `stripLen` components of pathnames in the patch. -- `extraPrefix`: Prefix pathnames by this string. -- `excludes`: Exclude files matching these patterns (applies after the above arguments). -- `includes`: Include only files matching these patterns (applies after the above arguments). -- `revert`: Revert the patch. - -Note that because the checksum is computed after applying these effects, using or modifying these arguments will have no effect unless the `sha256` argument is changed as well. - ## Package tests {#sec-package-tests} Tests are important to ensure quality and make reviews and automatic updates easy. diff --git a/nixpkgs/doc/contributing/contributing-to-documentation.chapter.md b/nixpkgs/doc/contributing/contributing-to-documentation.chapter.md index 1384772ebb2b..db16f13b474b 100644 --- a/nixpkgs/doc/contributing/contributing-to-documentation.chapter.md +++ b/nixpkgs/doc/contributing/contributing-to-documentation.chapter.md @@ -27,7 +27,7 @@ If the build succeeds, the manual will be in `./result/share/doc/nixpkgs/manual. As per [RFC 0072](https://github.com/NixOS/rfcs/pull/72), all new documentation content should be written in [CommonMark](https://commonmark.org/) Markdown dialect. -Additionally, the following syntax extensions are currently used: +Additional syntax extensions are available, though not all extensions can be used in NixOS option documentation. The following extensions are currently used: - []{#ssec-contributing-markup-anchors} Explicitly defined **anchors** on headings, to allow linking to sections. These should be always used, to ensure the anchors can be linked even when the heading text changes, and to prevent conflicts between [automatically assigned identifiers](https://github.com/jgm/commonmark-hs/blob/master/commonmark-extensions/test/auto_identifiers.md). @@ -53,12 +53,22 @@ Additionally, the following syntax extensions are currently used: This syntax is taken from [MyST](https://myst-parser.readthedocs.io/en/latest/using/syntax.html#targets-and-cross-referencing). - []{#ssec-contributing-markup-inline-roles} - If you want to link to a man page, you can use `` {manpage}`nix.conf(5)` ``, which will turn into {manpage}`nix.conf(5)`. + If you want to link to a man page, you can use `` {manpage}`nix.conf(5)` ``, which will turn into {manpage}`nix.conf(5)`. The references will turn into links when a mapping exists in {file}`doc/build-aux/pandoc-filters/link-unix-man-references.lua`. - The references will turn into links when a mapping exists in {file}`doc/build-aux/pandoc-filters/link-unix-man-references.lua`. + A few markups for other kinds of literals are also available: + + - `` {command}`rm -rfi` `` turns into {command}`rm -rfi` + - `` {option}`networking.useDHCP` `` turns into {option}`networking.useDHCP` + - `` {file}`/etc/passwd` `` turns into {file}`/etc/passwd` + + These literal kinds are used mostly in NixOS option documentation. This syntax is taken from [MyST](https://myst-parser.readthedocs.io/en/latest/syntax/syntax.html#roles-an-in-line-extension-point). Though, the feature originates from [reStructuredText](https://www.sphinx-doc.org/en/master/usage/restructuredtext/roles.html#role-manpage) with slightly different syntax. + ::: {.note} + Inline roles are available for option documentation. + ::: + - []{#ssec-contributing-markup-admonitions} **Admonitions**, set off from the text to bring attention to something. @@ -84,6 +94,10 @@ Additionally, the following syntax extensions are currently used: - [`tip`](https://tdg.docbook.org/tdg/5.0/tip.html) - [`warning`](https://tdg.docbook.org/tdg/5.0/warning.html) + ::: {.note} + Admonitions are available for option documentation. + ::: + - []{#ssec-contributing-markup-definition-lists} [**Definition lists**](https://github.com/jgm/commonmark-hs/blob/master/commonmark-extensions/test/definition_lists.md), for defining a group of terms: diff --git a/nixpkgs/doc/contributing/reviewing-contributions.chapter.md b/nixpkgs/doc/contributing/reviewing-contributions.chapter.md index 3417854730ef..4452695a6f38 100644 --- a/nixpkgs/doc/contributing/reviewing-contributions.chapter.md +++ b/nixpkgs/doc/contributing/reviewing-contributions.chapter.md @@ -185,6 +185,111 @@ Sample template for a new module review is provided below. ##### Comments ``` +## Individual maintainer list {#reviewing-contributions-indvidual-maintainer-list} + +When adding users to `maintainers/maintainer-list.nix`, the following +checks should be performed: + +- If the user has specified a GPG key, verify that the commit is + signed by their key. + + First, validate that the commit adding the maintainer is signed by + the key the maintainer listed. Check out the pull request and + compare its signing key with the listed key in the commit. + + If the commit is not signed or it is signed by a different user, ask + them to either recommit using that key or to remove their key + information. + + Given a maintainter entry like this: + + ``` nix + { + example = { + email = "user@example.com"; + name = "Example User"; + keys = [{ + fingerprint = "0000 0000 2A70 6423 0AED 3C11 F04F 7A19 AAA6 3AFE"; + }]; + } + }; + ``` + + First receive their key from a keyserver: + + $ gpg --recv-keys 0xF04F7A19AAA63AFE + gpg: key 0xF04F7A19AAA63AFE: public key "Example <user@example.com>" imported + gpg: Total number processed: 1 + gpg: imported: 1 + + Then check the commit is signed by that key: + + $ git log --show-signature + commit b87862a4f7d32319b1de428adb6cdbdd3a960153 + gpg: Signature made Wed Mar 12 13:32:24 2003 +0000 + gpg: using RSA key 000000002A7064230AED3C11F04F7A19AAA63AFE + gpg: Good signature from "Example User <user@example.com> + Author: Example User <user@example.com> + Date: Wed Mar 12 13:32:24 2003 +0000 + + maintainers: adding example + + and validate that there is a `Good signature` and the printed key + matches the user's submitted key. + + Note: GitHub's "Verified" label does not display the user's full key + fingerprint, and should not be used for validating the key matches. + +- If the user has specified a `github` account name, ensure they have + also specified a `githubId` and verify the two match. + + Maintainer entries that include a `github` field must also include + their `githubId`. People can and do change their GitHub name + frequently, and the ID is used as the official and stable identity + of the maintainer. + + Given a maintainer entry like this: + + ``` nix + { + example = { + email = "user@example.com"; + name = "Example User"; + github = "ghost"; + githubId = 10137; + } + }; + ``` + + First, make sure that the listed GitHub handle matches the author of + the commit. + + Then, visit the URL `https://api.github.com/users/ghost` and + validate that the `id` field matches the provided `githubId`. + +## Maintainer teams {#reviewing-contributions-maintainer-teams} + +Feel free to create a new maintainer team in `maintainers/team-list.nix` +when a group is collectively responsible for a collection of packages. +Use taste and personal judgement when deciding if a team is warranted. + +Teams are allowed to define their own rules about membership. + +For example, some teams will represent a business or other group which +wants to carefully track its members. Other teams may be very open about +who can join, and allow anybody to participate. + +When reviewing changes to a team, read the team's scope and the context +around the member list for indications about the team's membership +policy. + +In any case, request reviews from the existing team members. If the team +lists no specific membership policy, feel free to merge changes to the +team after giving the existing members a few days to respond. + +*Important:* If a team says it is a closed group, do not merge additions +to the team without an approval by at least one existing member. + ## Other submissions {#reviewing-contributions-other-submissions} Other type of submissions requires different reviewing steps. diff --git a/nixpkgs/doc/contributing/submitting-changes.chapter.md b/nixpkgs/doc/contributing/submitting-changes.chapter.md index 109d051c016f..d1aa701f0b35 100644 --- a/nixpkgs/doc/contributing/submitting-changes.chapter.md +++ b/nixpkgs/doc/contributing/submitting-changes.chapter.md @@ -96,7 +96,7 @@ We use jbidwatcher as an example for a discontinued project here. 1. Have Nixpkgs checked out locally and up to date. 1. Create a new branch for your change, e.g. `git checkout -b jbidwatcher` -1. Remove the actual package including its directory, e.g. `rm -rf pkgs/applications/misc/jbidwatcher` +1. Remove the actual package including its directory, e.g. `git rm -rf pkgs/applications/misc/jbidwatcher` 1. Remove the package from the list of all packages (`pkgs/top-level/all-packages.nix`). 1. Add an alias for the package name in `pkgs/top-level/aliases.nix` (There is also `pkgs/applications/editors/vim/plugins/aliases.nix`. Package sets typically do not have aliases, so we can't add them there.) @@ -167,24 +167,30 @@ Packages with automated tests are much more likely to be merged in a timely fash ### Tested compilation of all pkgs that depend on this change using `nixpkgs-review` {#submitting-changes-tested-compilation} -If you are updating a package’s version, you can use nixpkgs-review to make sure all packages that depend on the updated package still compile correctly. The `nixpkgs-review` utility can look for and build all dependencies either based on uncommited changes with the `wip` option or specifying a github pull request number. +If you are updating a package’s version, you can use `nixpkgs-review` to make sure all packages that depend on the updated package still compile correctly. The `nixpkgs-review` utility can look for and build all dependencies either based on uncommitted changes with the `wip` option or specifying a GitHub pull request number. -review changes from pull request number 12345: +Review changes from pull request number 12345: ```ShellSession -nix run nixpkgs.nixpkgs-review -c nixpkgs-review pr 12345 +nix-shell -p nixpkgs-review --run "nixpkgs-review pr 12345" ``` -review uncommitted changes: +Alternatively, with flakes (and analogously for the other commands below): ```ShellSession -nix run nixpkgs.nixpkgs-review -c nixpkgs-review wip +nix run nixpkgs#nixpkgs-review -- pr 12345 ``` -review changes from last commit: +Review uncommitted changes: ```ShellSession -nix run nixpkgs.nixpkgs-review -c nixpkgs-review rev HEAD +nix-shell -p nixpkgs-review --run "nixpkgs-review wip" +``` + +Review changes from last commit: + +```ShellSession +nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD" ``` ### Tested execution of all binary files (usually in `./result/bin/`) {#submitting-changes-tested-execution} @@ -227,7 +233,7 @@ digraph { } ``` -[This GitHub Action](https://github.com/NixOS/nixpkgs/blob/master/.github/workflows/periodic-merge-6h.yml) brings changes from `master` to `staging-next` and from `staging-next` to `staging` every 6 hours. +[This GitHub Action](https://github.com/NixOS/nixpkgs/blob/master/.github/workflows/periodic-merge-6h.yml) brings changes from `master` to `staging-next` and from `staging-next` to `staging` every 6 hours; these are the blue arrows in the diagram above. The purple arrows in the diagram above are done manually and much less frequently. You can get an idea of how often these merges occur by looking at the git history. ### Master branch {#submitting-changes-master-branch} @@ -236,7 +242,7 @@ The `master` branch is the main development branch. It should only see non-break ### Staging branch {#submitting-changes-staging-branch} -The `staging` branch is a development branch where mass-rebuilds go. It should only see non-breaking mass-rebuild commits. That means it is not to be used for testing, and changes must have been well tested already. If the branch is already in a broken state, please refrain from adding extra new breakages. +The `staging` branch is a development branch where mass-rebuilds go. Mass rebuilds are commits that cause rebuilds for many packages, like more than 500 (or perhaps, if it's 'light' packages, 1000). It should only see non-breaking mass-rebuild commits. That means it is not to be used for testing, and changes must have been well tested already. If the branch is already in a broken state, please refrain from adding extra new breakages. ### Staging-next branch {#submitting-changes-staging-next-branch} diff --git a/nixpkgs/doc/doc-support/default.nix b/nixpkgs/doc/doc-support/default.nix index 53990b677196..429c7a5fbe80 100644 --- a/nixpkgs/doc/doc-support/default.nix +++ b/nixpkgs/doc/doc-support/default.nix @@ -1,5 +1,8 @@ { pkgs ? (import ../.. {}), nixpkgs ? { }}: let + inherit (pkgs) lib; + inherit (lib) hasPrefix removePrefix; + locationsXml = import ./lib-function-locations.nix { inherit pkgs nixpkgs; }; functionDocs = import ./lib-function-docs.nix { inherit locationsXml pkgs; }; version = pkgs.lib.version; @@ -23,6 +26,26 @@ let <xsl:import href="${./parameters.xml}"/> </xsl:stylesheet> ''; + + # NB: This file describes the Nixpkgs manual, which happens to use module + # docs infra originally developed for NixOS. + optionsDoc = pkgs.nixosOptionsDoc { + inherit (pkgs.lib.evalModules { modules = [ ../../pkgs/top-level/config.nix ]; }) options; + documentType = "none"; + transformOptions = opt: + opt // { + declarations = + map + (decl: + if hasPrefix (toString ../..) (toString decl) + then + let subpath = removePrefix "/" (removePrefix (toString ../..) (toString decl)); + in { url = "https://github.com/NixOS/nixpkgs/blob/master/${subpath}"; name = subpath; } + else decl) + opt.declarations; + }; + }; + in pkgs.runCommand "doc-support" {} '' mkdir result @@ -30,6 +53,7 @@ in pkgs.runCommand "doc-support" {} cd result ln -s ${locationsXml} ./function-locations.xml ln -s ${functionDocs} ./function-docs + ln -s ${optionsDoc.optionsDocBook} ./config-options.docbook.xml ln -s ${pkgs.docbook5}/xml/rng/docbook/docbook.rng ./docbook.rng ln -s ${pkgs.docbook_xsl_ns}/xml/xsl ./xsl diff --git a/nixpkgs/doc/doc-support/parameters.xml b/nixpkgs/doc/doc-support/parameters.xml index e4b33e66ee4d..8b413dcd337a 100644 --- a/nixpkgs/doc/doc-support/parameters.xml +++ b/nixpkgs/doc/doc-support/parameters.xml @@ -11,4 +11,5 @@ <xsl:param name="toc.section.depth" select="0" /> <xsl:param name="admon.style" select="''" /> <xsl:param name="callout.graphics.extension" select="'.svg'" /> + <xsl:param name="generate.consistent.ids" select="1" /> </xsl:stylesheet> diff --git a/nixpkgs/doc/hooks/index.xml b/nixpkgs/doc/hooks/index.xml new file mode 100644 index 000000000000..6a046eae2885 --- /dev/null +++ b/nixpkgs/doc/hooks/index.xml @@ -0,0 +1,10 @@ +<chapter xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + xml:id="chap-hooks"> + <title>Hooks reference</title> + <para> + Nixpkgs has several hook packages that augment the stdenv phases. + </para> + <xi:include href="./postgresql-test-hook.section.xml" /> +</chapter> diff --git a/nixpkgs/doc/hooks/postgresql-test-hook.section.md b/nixpkgs/doc/hooks/postgresql-test-hook.section.md new file mode 100644 index 000000000000..077fac14ebbf --- /dev/null +++ b/nixpkgs/doc/hooks/postgresql-test-hook.section.md @@ -0,0 +1,59 @@ + +# `postgresqlTestHook` {#sec-postgresqlTestHook} + +This hook starts a PostgreSQL server during the `checkPhase`. Example: + +```nix +{ stdenv, postgresql, postgresqlTestHook }: +stdenv.mkDerivation { + + # ... + + checkInputs = [ + postgresql + postgresqlTestHook + ]; +} +``` + +If you use a custom `checkPhase`, remember to add the `runHook` calls: +```nix + checkPhase '' + runHook preCheck + + # ... your tests + + runHook postCheck + '' +``` + +## Variables {#sec-postgresqlTestHook-variables} + +The hook logic will read a number of variables and set them to a default value if unset or empty. + +Exported variables: + + - `PGDATA`: location of server files. + - `PGHOST`: location of UNIX domain socket directory; the default `host` in a connection string. + - `PGUSER`: user to create / log in with, default: `test_user`. + - `PGDATABASE`: database name, default: `test_db`. + +Bash-only variables: + + - `postgresqlTestUserOptions`: SQL options to use when creating the `$PGUSER` role, default: `LOGIN`. + - `postgresqlTestSetupSQL`: SQL commands to run as database administrator after startup, default: statements that create `$PGUSER` and `$PGDATABASE`. + - `postgresqlTestSetupCommands`: bash commands to run after database start, defaults to running `$postgresqlTestSetupSQL` as database administrator. + - `postgresqlEnableTCP`: set to `1` to enable TCP listening. Flaky; not recommended. + - `postgresqlStartCommands`: defaults to `pg_ctl start`. + +## TCP and the Nix sandbox {#sec-postgresqlTestHook-tcp} + +`postgresqlEnableTCP` relies on network sandboxing, which is not available on macOS and some custom Nix installations, resulting in flaky tests. +For this reason, it is disabled by default. + +The preferred solution is to make the test suite use a UNIX domain socket connection. This is the default behavior when no `host` connection parameter is provided. +Some test suites hardcode a value for `host` though, so a patch may be required. If you can upstream the patch, you can make `host` default to the `PGHOST` environment variable when set. Otherwise, you can patch it locally to omit the `host` connection string parameter altogether. + +::: {.note} +The error `libpq: failed (could not receive data from server: Connection refused` is generally an indication that the test suite is trying to connect through TCP. +::: diff --git a/nixpkgs/doc/languages-frameworks/chicken.section.md b/nixpkgs/doc/languages-frameworks/chicken.section.md new file mode 100644 index 000000000000..d8c35bd20c50 --- /dev/null +++ b/nixpkgs/doc/languages-frameworks/chicken.section.md @@ -0,0 +1,49 @@ +# CHICKEN {#sec-chicken} + +[CHICKEN](https://call-cc.org/) is a +[R⁵RS](https://schemers.org/Documents/Standards/R5RS/HTML/)-compliant Scheme +compiler. It includes an interactive mode and a custom package format, "eggs". + +## Using Eggs + +Eggs described in nixpkgs are available inside the +`chickenPackages.chickenEggs` attrset. Including an egg as a build input is +done in the typical Nix fashion. For example, to include support for [SRFI +189](https://srfi.schemers.org/srfi-189/srfi-189.html) in a derivation, one +might write: + +```nix + buildInputs = [ + chicken + chickenPackages.chickenEggs.srfi-189 + ]; +``` + +Both `chicken` and its eggs have a setup hook which configures the environment +variables `CHICKEN_INCLUDE_PATH` and `CHICKEN_REPOSITORY_PATH`. + +## Updating Eggs + +nixpkgs only knows about a subset of all published eggs. It uses +[egg2nix](https://github.com/the-kenny/egg2nix) to generate a +package set from a list of eggs to include. + +The package set is regenerated by running the following shell commands: + +``` +$ nix-shell -p chickenPackages.egg2nix +$ cd pkgs/development/compilers/chicken/5/ +$ egg2nix eggs.scm > eggs.nix +``` + +## Adding Eggs + +When we run `egg2nix`, we obtain one collection of eggs with +mutually-compatible versions. This means that when we add new eggs, we may +need to update existing eggs. To keep those separate, follow the procedure for +updating eggs before including more eggs. + +To include more eggs, edit `pkgs/development/compilers/chicken/5/eggs.scm`. +The first section of this file lists eggs which are required by `egg2nix` +itself; all other eggs go into the second section. After editing, follow the +procedure for updating eggs. diff --git a/nixpkgs/doc/languages-frameworks/coq.section.md b/nixpkgs/doc/languages-frameworks/coq.section.md index 9a692104a041..901332a7d34f 100644 --- a/nixpkgs/doc/languages-frameworks/coq.section.md +++ b/nixpkgs/doc/languages-frameworks/coq.section.md @@ -5,9 +5,11 @@ The Coq derivation is overridable through the `coq.override overrides`, where overrides is an attribute set which contains the arguments to override. We recommend overriding either of the following * `version` (optional, defaults to the latest version of Coq selected for nixpkgs, see `pkgs/top-level/coq-packages` to witness this choice), which follows the conventions explained in the `coqPackages` section below, -* `customOCamlPackage` (optional, defaults to `null`, which lets Coq choose a version automatically), which can be set to any of the ocaml packages attribute of `ocaml-ng` (such as `ocaml-ng.ocamlPackages_4_10` which is the default for Coq 8.11 for example). +* `customOCamlPackages` (optional, defaults to `null`, which lets Coq choose a version automatically), which can be set to any of the ocaml packages attribute of `ocaml-ng` (such as `ocaml-ng.ocamlPackages_4_10` which is the default for Coq 8.11 for example). * `coq-version` (optional, defaults to the short version e.g. "8.10"), is a version number of the form "x.y" that indicates which Coq's version build behavior to mimic when using a source which is not a release. E.g. `coq.override { version = "d370a9d1328a4e1cdb9d02ee032f605a9d94ec7a"; coq-version = "8.10"; }`. +The associated package set can be optained using `mkCoqPackages coq`, where `coq` is the derivation to use. + ## Coq packages attribute sets: `coqPackages` {#coq-packages-attribute-sets-coqpackages} The recommended way of defining a derivation for a Coq library, is to use the `coqPackages.mkCoqDerivation` function, which is essentially a specialization of `mkDerivation` taking into account most of the specifics of Coq libraries. The following attributes are supported: @@ -29,10 +31,15 @@ The recommended way of defining a derivation for a Coq library, is to use the `c * `releaseRev` (optional, defaults to `(v: v)`), provides a default mapping from release names to revision hashes/branch names/tags, * `displayVersion` (optional), provides a way to alter the computation of `name` from `pname`, by explaining how to display version numbers, * `namePrefix` (optional, defaults to `[ "coq" ]`), provides a way to alter the computation of `name` from `pname`, by explaining which dependencies must occur in `name`, -* `extraNativeBuildInputs` (optional), by default `nativeBuildInputs` just contains `coq`, this allows to add more native build inputs, `nativeBuildInputs` are executables and `buildInputs` are libraries and dependencies, -* `extraBuildInputs` (optional), this allows to add more build inputs, -* `mlPlugin` (optional, defaults to `false`). Some extensions (plugins) might require OCaml and sometimes other OCaml packages. Standard dependencies can be added by setting the current option to `true`. For a finer grain control, the `coq.ocamlPackages` attribute can be used in `extraBuildInputs` to depend on the same package set Coq was built against. -* `useDune2ifVersion` (optional, default to `(x: false)` uses Dune2 to build the package if the provided predicate evaluates to true on the version, e.g. `useDune2if = versions.isGe "1.1"` will use dune if the version of the package is greater or equal to `"1.1"`, +* `nativeBuildInputs` (optional), is a list of executables that are required to build the current derivation, in addition to the default ones (namely `which`, `dune` and `ocaml` depending on whether `useDune2`, `useDune2ifVersion` and `mlPlugin` are set). +* `extraNativeBuildInputs` (optional, deprecated), an additional list of derivation to add to `nativeBuildInputs`, +* `overrideNativeBuildInputs` (optional) replaces the default list of derivation to which `nativeBuildInputs` and `extraNativeBuildInputs` adds extra elements, +* `buildInputs` (optional), is a list of libraries and dependencies that are required to build and run the current derivation, in addition to the default one `[ coq ]`, +* `extraBuildInputs` (optional, deprecated), an additional list of derivation to add to `buildInputs`, +* `overrideBuildInputs` (optional) replaces the default list of derivation to which `buildInputs` and `extraBuildInputs` adds extras elements, +* `propagatedBuildInputs` (optional) is passed as is to `mkDerivation`, we recommend to use this for Coq libraries and Coq plugin dependencies, as this makes sure the paths of the compiled libraries and plugins will always be added to the build environements of subsequent derivation, which is necessary for Coq packages to work correctly, +* `mlPlugin` (optional, defaults to `false`). Some extensions (plugins) might require OCaml and sometimes other OCaml packages. Standard dependencies can be added by setting the current option to `true`. For a finer grain control, the `coq.ocamlPackages` attribute can be used in `nativeBuildInputs`, `buildInputs`, and `propagatedBuildInputs` to depend on the same package set Coq was built against. +* `useDune2ifVersion` (optional, default to `(x: false)` uses Dune2 to build the package if the provided predicate evaluates to true on the version, e.g. `useDune2ifVersion = versions.isGe "1.1"` will use dune if the version of the package is greater or equal to `"1.1"`, * `useDune2` (optional, defaults to `false`) uses Dune2 to build the package if set to true, the presence of this attribute overrides the behavior of the previous one. * `opam-name` (optional, defaults to concatenating with a dash separator the components of `namePrefix` and `pname`), name of the Dune package to build. * `enableParallelBuilding` (optional, defaults to `true`), since it is activated by default, we provide a way to disable it. diff --git a/nixpkgs/doc/languages-frameworks/cuda.section.md b/nixpkgs/doc/languages-frameworks/cuda.section.md new file mode 100644 index 000000000000..fccf66bf79d2 --- /dev/null +++ b/nixpkgs/doc/languages-frameworks/cuda.section.md @@ -0,0 +1,34 @@ +# CUDA {#cuda} + +CUDA-only packages are stored in the `cudaPackages` packages set. This set +includes the `cudatoolkit`, portions of the toolkit in separate derivations, +`cudnn`, `cutensor` and `nccl`. + +A package set is available for each CUDA version, so for example +`cudaPackages_11_6`. Within each set is a matching version of the above listed +packages. Additionally, other versions of the packages that are packaged and +compatible are available as well. For example, there can be a +`cudaPackages.cudnn_8_3_2` package. + +To use one or more CUDA packages in an expression, give the expression a `cudaPackages` parameter, and in case CUDA is optional +```nix +cudaSupport ? false +cudaPackages ? {} +``` + +When using `callPackage`, you can choose to pass in a different variant, e.g. +when a different version of the toolkit suffices +```nix +mypkg = callPackage { cudaPackages = cudaPackages_11_5; } +``` + +If another version of say `cudnn` or `cutensor` is needed, you can override the +package set to make it the default. This guarantees you get a consistent package +set. +```nix +mypkg = let + cudaPackages = cudaPackages_11_5.overrideScope' (final: prev { + cudnn = prev.cudnn_8_3_2; + }}); +in callPackage { inherit cudaPackages; }; +``` diff --git a/nixpkgs/doc/languages-frameworks/dotnet.section.md b/nixpkgs/doc/languages-frameworks/dotnet.section.md index f7af28a16775..4c245a7544e1 100644 --- a/nixpkgs/doc/languages-frameworks/dotnet.section.md +++ b/nixpkgs/doc/languages-frameworks/dotnet.section.md @@ -72,7 +72,7 @@ The `dotnetCorePackages.sdk` contains both a runtime and the full sdk of a given To package Dotnet applications, you can use `buildDotnetModule`. This has similar arguments to `stdenv.mkDerivation`, with the following additions: * `projectFile` has to be used for specifying the dotnet project file relative to the source root. These usually have `.sln` or `.csproj` file extensions. This can be an array of multiple projects as well. -* `nugetDeps` has to be used to specify the NuGet dependency file. Unfortunately, these cannot be deterministically fetched without a lockfile. A script to fetch these is available as `passthru.fetch-deps`. This file can also be generated manually using `nuget-to-nix` tool, which is available in nixpkgs. +* `nugetDeps` takes either a path to a `deps.nix` file, or a derivation. The `deps.nix` file can be generated using the script attached to `passthru.fetch-deps`. This file can also be generated manually using `nuget-to-nix` tool, which is available in nixpkgs. If the argument is a derivation, it will be used directly and assume it has the same output as `mkNugetDeps`. * `packNupkg` is used to pack project as a `nupkg`, and installs it to `$out/share`. If set to `true`, the derivation can be used as a dependency for another dotnet project by adding it to `projectReferences`. * `projectReferences` can be used to resolve `ProjectReference` project items. Referenced projects can be packed with `buildDotnetModule` by setting the `packNupkg = true` attribute and passing a list of derivations to `projectReferences`. Since we are sharing referenced projects as NuGets they must be added to csproj/fsproj files as `PackageReference` as well. For example, your project has a local dependency: @@ -87,6 +87,7 @@ To package Dotnet applications, you can use `buildDotnetModule`. This has simila * `executables` is used to specify which executables get wrapped to `$out/bin`, relative to `$out/lib/$pname`. If this is unset, all executables generated will get installed. If you do not want to install any, set this to `[]`. This gets done in the `preFixup` phase. * `runtimeDeps` is used to wrap libraries into `LD_LIBRARY_PATH`. This is how dotnet usually handles runtime dependencies. * `buildType` is used to change the type of build. Possible values are `Release`, `Debug`, etc. By default, this is set to `Release`. +* `selfContainedBuild` allows to enable the [self-contained](https://docs.microsoft.com/en-us/dotnet/core/deploying/#publish-self-contained) build flag. By default, it is set to false and generated applications have a dependency on the selected dotnet runtime. If enabled, the dotnet runtime is bundled into the executable and the built app has no dependency on Dotnet. * `dotnet-sdk` is useful in cases where you need to change what dotnet SDK is being used. * `dotnet-runtime` is useful in cases where you need to change what dotnet runtime is being used. This can be either a regular dotnet runtime, or an aspnetcore. * `dotnet-test-sdk` is useful in cases where unit tests expect a different dotnet SDK. By default, this is set to the `dotnet-sdk` attribute. diff --git a/nixpkgs/doc/languages-frameworks/gnome.section.md b/nixpkgs/doc/languages-frameworks/gnome.section.md index 29cb2e0e464a..d5996cce13cf 100644 --- a/nixpkgs/doc/languages-frameworks/gnome.section.md +++ b/nixpkgs/doc/languages-frameworks/gnome.section.md @@ -42,7 +42,21 @@ Unlike other libraries mentioned in this section, GdkPixbuf only supports a sing ### Icons {#ssec-gnome-icons} -When an application uses icons, an icon theme should be available in `XDG_DATA_DIRS` during runtime. The package for the default, icon-less [hicolor-icon-theme](https://www.freedesktop.org/wiki/Software/icon-theme/) (should be propagated by every icon theme) contains [a setup hook](#ssec-gnome-hooks-hicolor-icon-theme) that will pick up icon themes from `buildInputs` and pass it to our wrapper. Unfortunately, relying on that would mean every user has to download the theme included in the package expression no matter their preference. For that reason, we leave the installation of icon theme on the user. If you use one of the desktop environments, you probably already have an icon theme installed. +When an application uses icons, an icon theme should be available in `XDG_DATA_DIRS` during runtime. The package for the default, icon-less [hicolor-icon-theme](https://www.freedesktop.org/wiki/Software/icon-theme/) (should be propagated by every icon theme) contains [a setup hook](#ssec-gnome-hooks-hicolor-icon-theme) that will pick up icon themes from `buildInputs` and add their datadirs to `XDG_ICON_DIRS` environment variable (this is Nixpkgs specific, not actually a XDG standard variable). Unfortunately, relying on that would mean every user has to download the theme included in the package expression no matter their preference. For that reason, we leave the installation of icon theme on the user. If you use one of the desktop environments, you probably already have an icon theme installed. + +In the rare case you need to use icons from dependencies (e.g. when an app forces an icon theme), you can use the following to pick them up: + +```nix + buildInputs = [ + pantheon.elementary-icon-theme + ]; + preFixup = '' + gappsWrapperArgs+=( + # The icon theme is hardcoded. + --prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS" + ) + ''; +``` To avoid costly file system access when locating icons, GTK, [as well as Qt](https://woboq.com/blog/qicon-reads-gtk-icon-cache-in-qt57.html), can rely on `icon-theme.cache` files from the themes' top-level directories. These files are generated using `gtk-update-icon-cache`, which is expected to be run whenever an icon is added or removed to an icon theme (typically an application icon into `hicolor` theme) and some programs do indeed run this after icon installation. However, since packages are installed into their own prefix by Nix, this would lead to conflicts. For that reason, `gtk3` provides a [setup hook](#ssec-gnome-hooks-gtk-drop-icon-theme-cache) that will clean the file from installation. Since most applications only ship their own icon that will be loaded on start-up, it should not affect them too much. On the other hand, icon themes are much larger and more widely used so we need to cache them. Because we recommend installing icon themes globally, we will generate the cache files from all packages in a profile using a NixOS module. You can enable the cache generation using `gtk.iconCache.enable` option if your desktop environment does not already do that. @@ -98,7 +112,7 @@ For convenience, it also adds `dconf.lib` for a GIO module implementing a GSetti - []{#ssec-gnome-hooks-dconf} `dconf.lib` is a dependency of `wrapGAppsHook`, which then also adds it to the `GIO_EXTRA_MODULES` variable. -- []{#ssec-gnome-hooks-hicolor-icon-theme} `hicolor-icon-theme`’s setup hook will add icon themes to `XDG_ICON_DIRS` which is prepended to `XDG_DATA_DIRS` by `wrapGAppsHook`. +- []{#ssec-gnome-hooks-hicolor-icon-theme} `hicolor-icon-theme`’s setup hook will add icon themes to `XDG_ICON_DIRS`. - []{#ssec-gnome-hooks-gobject-introspection} `gobject-introspection` setup hook populates `GI_TYPELIB_PATH` variable with `lib/girepository-1.0` directories of dependencies, which is then added to wrapper by `wrapGAppsHook`. It also adds `share` directories of dependencies to `XDG_DATA_DIRS`, which is intended to promote GIR files but it also [pollutes the closures](https://github.com/NixOS/nixpkgs/issues/32790) of packages using `wrapGAppsHook`. diff --git a/nixpkgs/doc/languages-frameworks/go.section.md b/nixpkgs/doc/languages-frameworks/go.section.md index 411205d08e43..8616d64e7c4e 100644 --- a/nixpkgs/doc/languages-frameworks/go.section.md +++ b/nixpkgs/doc/languages-frameworks/go.section.md @@ -11,8 +11,8 @@ The function `buildGoModule` builds Go programs managed with Go modules. It buil In the following is an example expression using `buildGoModule`, the following arguments are of special significance to the function: -- `vendorSha256`: is the hash of the output of the intermediate fetcher derivation. `vendorSha256` can also take `null` as an input. When `null` is used as a value, rather than fetching the dependencies and vendoring them, we use the vendoring included within the source repo. If you'd like to not have to update this field on dependency changes, run `go mod vendor` in your source repo and set `vendorSha256 = null;` -- `proxyVendor`: Fetches (go mod download) and proxies the vendor directory. This is useful if your code depends on c code and go mod tidy does not include the needed sources to build or if any dependency has case-insensitive conflicts which will produce platform dependant `vendorSha256` checksums. +- `vendorHash`: is the hash of the output of the intermediate fetcher derivation. `vendorHash` can also take `null` as an input. When `null` is used as a value, rather than fetching the dependencies and vendoring them, we use the vendoring included within the source repo. If you'd like to not have to update this field on dependency changes, run `go mod vendor` in your source repo and set `vendorHash = null;` +- `proxyVendor`: Fetches (go mod download) and proxies the vendor directory. This is useful if your code depends on c code and go mod tidy does not include the needed sources to build or if any dependency has case-insensitive conflicts which will produce platform dependant `vendorHash` checksums. ```nix pet = buildGoModule rec { @@ -26,7 +26,7 @@ pet = buildGoModule rec { sha256 = "0m2fzpqxk7hrbxsgqplkg7h2p7gv6s1miymv3gvw0cz039skag0s"; }; - vendorSha256 = "1879j77k96684wi554rkjxydrj8g3hpp0kvxz03sd8dmwr3lh83j"; + vendorHash = "sha256-ciBIR+a1oaYH+H1PcC8cD8ncfJczk1IiJ8iYNM+R6aA="; meta = with lib; { description = "Simple command-line snippet manager, written in Go"; @@ -142,4 +142,8 @@ Removes the pre-existing vendor directory. This should only be used if the depen ### `subPackages` {#var-go-subPackages} -Limits the builder from building child packages that have not been listed. If `subPackages` is not specified, all child packages will be built. +Specified as a string or list of strings. Limits the builder from building child packages that have not been listed. If `subPackages` is not specified, all child packages will be built. + +### `excludedPackages` {#var-go-excludedPackages} + +Specified as a string or list of strings. Causes the builder to skip building child packages that match any of the provided values. If `excludedPackages` is not specified, all child packages will be built. diff --git a/nixpkgs/doc/languages-frameworks/index.xml b/nixpkgs/doc/languages-frameworks/index.xml index f221693e764c..3d5b2f738976 100644 --- a/nixpkgs/doc/languages-frameworks/index.xml +++ b/nixpkgs/doc/languages-frameworks/index.xml @@ -9,8 +9,10 @@ <xi:include href="android.section.xml" /> <xi:include href="beam.section.xml" /> <xi:include href="bower.section.xml" /> + <xi:include href="chicken.section.xml" /> <xi:include href="coq.section.xml" /> <xi:include href="crystal.section.xml" /> + <xi:include href="cuda.section.xml" /> <xi:include href="dhall.section.xml" /> <xi:include href="dotnet.section.xml" /> <xi:include href="emscripten.section.xml" /> diff --git a/nixpkgs/doc/languages-frameworks/javascript.section.md b/nixpkgs/doc/languages-frameworks/javascript.section.md index 817317804923..9d16b951e8dd 100644 --- a/nixpkgs/doc/languages-frameworks/javascript.section.md +++ b/nixpkgs/doc/languages-frameworks/javascript.section.md @@ -8,19 +8,16 @@ The various tools available will be listed in the [tools-overview](#javascript-t ## Getting unstuck / finding code examples -If you find you are lacking inspiration for packing javascript applications, the links below might prove useful. -Searching online for prior art can be helpful if you are running into solved problems. +If you find you are lacking inspiration for packing javascript applications, the links below might prove useful. Searching online for prior art can be helpful if you are running into solved problems. ### Github - Searching Nix files for `mkYarnPackage`: <https://github.com/search?q=mkYarnPackage+language%3ANix&type=code> - - Searching just `flake.nix` files for `mkYarnPackage`: <https://github.com/search?q=mkYarnPackage+filename%3Aflake.nix&type=code> ### Gitlab - Searching Nix files for `mkYarnPackage`: <https://gitlab.com/search?scope=blobs&search=mkYarnPackage+extension%3Anix> - - Searching just `flake.nix` files for `mkYarnPackage`: <https://gitlab.com/search?scope=blobs&search=mkYarnPackage+filename%3Aflake.nix> ## Tools overview {#javascript-tools-overview} @@ -35,109 +32,107 @@ It is often not documented which node version is used upstream, but if it is, tr This can be a problem if upstream is using the latest and greatest and you are trying to use an earlier version of node. Some cryptic errors regarding V8 may appear. -An exception to this: - ### Try to respect the package manager originally used by upstream (and use the upstream lock file) {#javascript-upstream-package-manager} A lock file (package-lock.json, yarn.lock...) is supposed to make reproducible installations of node_modules for each tool. Guidelines of package managers, recommend to commit those lock files to the repos. If a particular lock file is present, it is a strong indication of which package manager is used upstream. -It's better to try to use a nix tool that understand the lock file. Using a different tool might give you hard to understand error because different packages have been installed. An example of problems that could arise can be found [here](https://github.com/NixOS/nixpkgs/pull/126629). Upstream uses npm, but this is an attempt to package it with yarn2nix (that uses yarn.lock) +It's better to try to use a Nix tool that understand the lock file. Using a different tool might give you hard to understand error because different packages have been installed. An example of problems that could arise can be found [here](https://github.com/NixOS/nixpkgs/pull/126629). Upstream use NPM, but this is an attempt to package it with `yarn2nix` (that uses yarn.lock). Using a different tool forces to commit a lock file to the repository. Those files are fairly large, so when packaging for nixpkgs, this approach does not scale well. Exceptions to this rule are: -- when you encounter one of the bugs from a nix tool. In each of the tool specific instructions, known problems will be detailed. If you have a problem with a particular tool, then it's best to try another tool, even if this means you will have to recreate a lock file and commit it to nixpkgs. In general yarn2nix has less known problems and so a simple search in nixpkgs will reveal many yarn.lock files committed -- Some lock files contain particular version of a package that has been pulled off npm for some reason. In that case, you can recreate upstream lock (by removing the original and `npm install`, `yarn`, ...) and commit this to nixpkgs. -- The only tool that supports workspaces (a feature of npm that helps manage sub-directories with different package.json from a single top level package.json) is yarn2nix. If upstream has workspaces you should try yarn2nix. +- When you encounter one of the bugs from a Nix tool. In each of the tool specific instructions, known problems will be detailed. If you have a problem with a particular tool, then it's best to try another tool, even if this means you will have to recreate a lock file and commit it to nixpkgs. In general `yarn2nix` has less known problems and so a simple search in nixpkgs will reveal many yarn.lock files committed. +- Some lock files contain particular version of a package that has been pulled off NPM for some reason. In that case, you can recreate upstream lock (by removing the original and `npm install`, `yarn`, ...) and commit this to nixpkgs. +- The only tool that supports workspaces (a feature of NPM that helps manage sub-directories with different package.json from a single top level package.json) is `yarn2nix`. If upstream has workspaces you should try `yarn2nix`. ### Try to use upstream package.json {#javascript-upstream-package-json} -Exceptions to this rule are +Exceptions to this rule are: -- Sometimes the upstream repo assumes some dependencies be installed globally. In that case you can add them manually to the upstream package.json (`yarn add xxx` or `npm install xxx`, ...). Dependencies that are installed locally can be executed with `npx` for cli tools. (e.g. `npx postcss ...`, this is how you can call those dependencies in the phases). -- Sometimes there is a version conflict between some dependency requirements. In that case you can fix a version (by removing the `^`). -- Sometimes the script defined in the package.json does not work as is. Some scripts for example use cli tools that might not be available, or cd in directory with a different package.json (for workspaces notably). In that case, it's perfectly fine to look at what the particular script is doing and break this down in the phases. In the build script you can see `build:*` calling in turns several other build scripts like `build:ui` or `build:server`. If one of those fails, you can try to separate those into: +- Sometimes the upstream repo assumes some dependencies be installed globally. In that case you can add them manually to the upstream package.json (`yarn add xxx` or `npm install xxx`, ...). Dependencies that are installed locally can be executed with `npx` for CLI tools. (e.g. `npx postcss ...`, this is how you can call those dependencies in the phases). +- Sometimes there is a version conflict between some dependency requirements. In that case you can fix a version by removing the `^`. +- Sometimes the script defined in the package.json does not work as is. Some scripts for example use CLI tools that might not be available, or cd in directory with a different package.json (for workspaces notably). In that case, it's perfectly fine to look at what the particular script is doing and break this down in the phases. In the build script you can see `build:*` calling in turns several other build scripts like `build:ui` or `build:server`. If one of those fails, you can try to separate those into, -```Shell -yarn build:ui -yarn build:server -# OR -npm run build:ui -npm run build:server -``` + ```sh + yarn build:ui + yarn build:server + # OR + npm run build:ui + npm run build:server + ``` -when you need to override a package.json. It's nice to use the one from the upstream src and do some explicit override. Here is an example. + when you need to override a package.json. It's nice to use the one from the upstream source and do some explicit override. Here is an example: -```nix -patchedPackageJSON = final.runCommand "package.json" { } '' - ${jq}/bin/jq '.version = "0.4.0" | - .devDependencies."@jsdoc/cli" = "^0.2.5" - ${sonar-src}/package.json > $out -''; -``` + ```nix + patchedPackageJSON = final.runCommand "package.json" { } '' + ${jq}/bin/jq '.version = "0.4.0" | + .devDependencies."@jsdoc/cli" = "^0.2.5" + ${sonar-src}/package.json > $out + ''; + ``` -you will still need to commit the modified version of the lock files, but at least the overrides are explicit for everyone to see. + You will still need to commit the modified version of the lock files, but at least the overrides are explicit for everyone to see. ### Using node_modules directly {#javascript-using-node_modules} -each tool has an abstraction to just build the node_modules (dependencies) directory. you can always use the stdenv.mkDerivation with the node_modules to build the package (symlink the node_modules directory and then use the package build command). the node_modules abstraction can be also used to build some web framework frontends. For an example of this see how [plausible](https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/web-apps/plausible/default.nix) is built. mkYarnModules to make the derivation containing node_modules. Then when building the frontend you can just symlink the node_modules directory +Each tool has an abstraction to just build the node_modules (dependencies) directory. You can always use the `stdenv.mkDerivation` with the node_modules to build the package (symlink the node_modules directory and then use the package build command). The node_modules abstraction can be also used to build some web framework frontends. For an example of this see how [plausible](https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/web-apps/plausible/default.nix) is built. `mkYarnModules` to make the derivation containing node_modules. Then when building the frontend you can just symlink the node_modules directory. ## Javascript packages inside nixpkgs {#javascript-packages-nixpkgs} -The `pkgs/development/node-packages` folder contains a generated collection of -[NPM packages](https://npmjs.com/) that can be installed with the Nix package -manager. +The [pkgs/development/node-packages](https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/node-packages) folder contains a generated collection of [NPM packages](https://npmjs.com/) that can be installed with the Nix package manager. -As a rule of thumb, the package set should only provide _end user_ software -packages, such as command-line utilities. Libraries should only be added to the -package set if there is a non-NPM package that requires it. +As a rule of thumb, the package set should only provide _end user_ software packages, such as command-line utilities. Libraries should only be added to the package set if there is a non-NPM package that requires it. -When it is desired to use NPM libraries in a development project, use the -`node2nix` generator directly on the `package.json` configuration file of the -project. +When it is desired to use NPM libraries in a development project, use the `node2nix` generator directly on the `package.json` configuration file of the project. -The package set provides support for the official stable Node.js versions. -The latest stable LTS release in `nodePackages`, as well as the latest stable -Current release in `nodePackages_latest`. +The package set provides support for the official stable Node.js versions. The latest stable LTS release in `nodePackages`, as well as the latest stable current release in `nodePackages_latest`. -If your package uses native addons, you need to examine what kind of native -build system it uses. Here are some examples: +If your package uses native addons, you need to examine what kind of native build system it uses. Here are some examples: - `node-gyp` - `node-gyp-builder` - `node-pre-gyp` -After you have identified the correct system, you need to override your package -expression while adding in build system as a build input. For example, `dat` -requires `node-gyp-build`, so [we override](https://github.com/NixOS/nixpkgs/blob/32f5e5da4a1b3f0595527f5195ac3a91451e9b56/pkgs/development/node-packages/default.nix#L37-L40) its expression in [`default.nix`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/node-packages/default.nix): +After you have identified the correct system, you need to override your package expression while adding in build system as a build input. For example, `dat` requires `node-gyp-build`, so we override its expression in [pkgs/development/node-packages/overrides.nix](https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/node-packages/overrides.nix): ```nix - dat = super.dat.override { - buildInputs = [ self.node-gyp-build pkgs.libtool pkgs.autoconf pkgs.automake ]; - meta.broken = since "12"; - }; + dat = prev.dat.override (oldAttrs: { + buildInputs = [ final.node-gyp-build pkgs.libtool pkgs.autoconf pkgs.automake ]; + meta = oldAttrs.meta // { broken = since "12"; }; + }); ``` ### Adding and Updating Javascript packages in nixpkgs To add a package from NPM to nixpkgs: -1. Modify `pkgs/development/node-packages/node-packages.json` to add, update - or remove package entries to have it included in `nodePackages` and - `nodePackages_latest`. -2. Run the script: `./pkgs/development/node-packages/generate.sh`. +1. Modify [pkgs/development/node-packages/node-packages.json](https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/node-packages/node-packages.json) to add, update or remove package entries to have it included in `nodePackages` and `nodePackages_latest`. +2. Run the script: + + ```sh + ./pkgs/development/node-packages/generate.sh + ``` + 3. Build your new package to test your changes: - `cd /path/to/nixpkgs && nix-build -A nodePackages.<new-or-updated-package>`. - To build against the latest stable Current Node.js version (e.g. 14.x): - `nix-build -A nodePackages_latest.<new-or-updated-package>` -4. Add and commit all modified and generated files. -For more information about the generation process, consult the -[README.md](https://github.com/svanderburg/node2nix) file of the `node2nix` -tool. + ```sh + nix-build -A nodePackages.<new-or-updated-package> + ``` + + To build against the latest stable Current Node.js version (e.g. 18.x): + + ```sh + nix-build -A nodePackages_latest.<new-or-updated-package> + ``` + + If the package doesn't build, you may need to add an override as explained above. +4. If the package's name doesn't match any of the executables it provides, add an entry in [pkgs/development/node-packages/main-programs.nix](https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/node-packages/main-programs.nix). This will be the case for all scoped packages, e.g., `@angular/cli`. +5. Add and commit all modified and generated files. + +For more information about the generation process, consult the [README.md](https://github.com/svanderburg/node2nix) file of the `node2nix` tool. To update NPM packages in nixpkgs, run the same `generate.sh` script: @@ -148,10 +143,11 @@ To update NPM packages in nixpkgs, run the same `generate.sh` script: #### Git protocol error Some packages may have Git dependencies from GitHub specified with `git://`. -GitHub has -[disabled unecrypted Git connections](https://github.blog/2021-09-01-improving-git-protocol-security-github/#no-more-unauthenticated-git), -so you may see the following error when running the generate script: -`The unauthenticated git protocol on port 9418 is no longer supported`. +GitHub has [disabled unecrypted Git connections](https://github.blog/2021-09-01-improving-git-protocol-security-github/#no-more-unauthenticated-git), so you may see the following error when running the generate script: + +``` +The unauthenticated git protocol on port 9418 is no longer supported +``` Use the following Git configuration to resolve the issue: @@ -165,63 +161,86 @@ git config --global url."https://github.com/".insteadOf git://github.com/ #### Preparation {#javascript-node2nix-preparation} -you will need to generate a nix expression for the dependencies - -- don't forget the `-l package-lock.json` if there is a lock file -- Most probably you will need the `--development` to include the `devDependencies` +You will need to generate a Nix expression for the dependencies. Don't forget the `-l package-lock.json` if there is a lock file. Most probably you will need the `--development` to include the `devDependencies` -so the command will most likely be -`node2nix --development -l package-lock.json` +So the command will most likely be: +```sh +node2nix --development -l package-lock.json +``` -[link to the doc in the repo](https://github.com/svanderburg/node2nix) +See `node2nix` [docs](https://github.com/svanderburg/node2nix) for more info. #### Pitfalls {#javascript-node2nix-pitfalls} -- if upstream package.json does not have a "version" attribute, node2nix will crash. You will need to add it like shown in [the package.json section](#javascript-upstream-package-json) -- node2nix has some [bugs](https://github.com/svanderburg/node2nix/issues/238). related to working with lock files from npm distributed with nodejs-16_x -- node2nix does not like missing packages from npm. If you see something like `Cannot resolve version: vue-loader-v16@undefined` then you might want to try another tool. The package might have been pulled off of npm. +- If upstream package.json does not have a "version" attribute, `node2nix` will crash. You will need to add it like shown in [the package.json section](#javascript-upstream-package-json). +- `node2nix` has some [bugs](https://github.com/svanderburg/node2nix/issues/238) related to working with lock files from NPM distributed with `nodejs-16_x`. +- `node2nix` does not like missing packages from NPM. If you see something like `Cannot resolve version: vue-loader-v16@undefined` then you might want to try another tool. The package might have been pulled off of NPM. ### yarn2nix {#javascript-yarn2nix} #### Preparation {#javascript-yarn2nix-preparation} -you will need at least a yarn.lock and yarn.nix file +You will need at least a `yarn.lock` file. If upstream does not have one you need to generate it and reference it in your package definition. -- generate a yarn.lock in upstream if it is not already there -- `yarn2nix > yarn.nix` will generate the dependencies in a nix format +If the downloaded files contain the `package.json` and `yarn.lock` files they can be used like this: + +```nix +offlineCache = fetchYarnDeps { + yarnLock = src + "/yarn.lock"; + sha256 = "...."; +}; +``` #### mkYarnPackage {#javascript-yarn2nix-mkYarnPackage} -this will by default try to generate a binary. For package only generating static assets (Svelte, Vue, React...), you will need to explicitly override the build step with your instructions. It's important to use the `--offline` flag. For example if you script is `"build": "something"` in package.json use +`mkYarnPackage` will by default try to generate a binary. For package only generating static assets (Svelte, Vue, React, WebPack, ...), you will need to explicitly override the build step with your instructions. + +It's important to use the `--offline` flag. For example if you script is `"build": "something"` in `package.json` use: ```nix buildPhase = '' - yarn build --offline + export HOME=$(mktemp -d) + yarn --offline build ''; ``` -The dist phase is also trying to build a binary, the only way to override it is with +The dist phase is also trying to build a binary, the only way to override it is with: ```nix distPhase = "true"; ``` -the configure phase can sometimes fail because it tries to be too clever. -One common override is +The configure phase can sometimes fail because it makes many assumptions which may not always apply. One common override is: ```nix -configurePhase = "ln -s $node_modules node_modules"; +configurePhase = '' + ln -s $node_modules node_modules +''; +``` + +or if you need a writeable node_modules directory: + +```nix +configurePhase = '' + cp -r $node_modules node_modules + chmod +w node_modules +''; ``` #### mkYarnModules {#javascript-yarn2nix-mkYarnModules} -this will generate a derivation including the node_modules. If you have to build a derivation for an integrated web framework (rails, phoenix..), this is probably the easiest way. [Plausible](https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/web-apps/plausible/default.nix#L39) offers a good example of how to do this. +This will generate a derivation including the `node_modules` directory. +If you have to build a derivation for an integrated web framework (rails, phoenix..), this is probably the easiest way. #### Overriding dependency behavior In the `mkYarnPackage` record the property `pkgConfig` can be used to override packages when you encounter problems building. -For instance, say your package is throwing errors when trying to invoke node-sass: `ENOENT: no such file or directory, scandir '/build/source/node_modules/node-sass/vendor'` +For instance, say your package is throwing errors when trying to invoke node-sass: + +``` +ENOENT: no such file or directory, scandir '/build/source/node_modules/node-sass/vendor' +``` To fix this we will specify different versions of build inputs to use, as well as some post install steps to get the software built the way we want: @@ -241,9 +260,8 @@ mkYarnPackage rec { #### Pitfalls {#javascript-yarn2nix-pitfalls} -- if version is missing from upstream package.json, yarn will silently install nothing. In that case, you will need to override package.json as shown in the [package.json section](#javascript-upstream-package-json) - -- having trouble with node-gyp? Try adding these lines to the `yarnPreBuild` steps: +- If version is missing from upstream package.json, yarn will silently install nothing. In that case, you will need to override package.json as shown in the [package.json section](#javascript-upstream-package-json) +- Having trouble with `node-gyp`? Try adding these lines to the `yarnPreBuild` steps: ```nix yarnPreBuild = '' @@ -259,20 +277,20 @@ mkYarnPackage rec { ## Outside of nixpkgs {#javascript-outside-nixpkgs} -There are some other options available that can't be used inside nixpkgs. Those other options are written in nix. Importing them in nixpkgs will require moving the source code into nixpkgs. Using [Import From Derivation](https://nixos.wiki/wiki/Import_From_Derivation) is not allowed in hydra at present. If you are packaging something outside nixpkgs, those can be considered +There are some other options available that can't be used inside nixpkgs. Those other options are written in Nix. Importing them in nixpkgs will require moving the source code into nixpkgs. Using [Import From Derivation](https://nixos.wiki/wiki/Import_From_Derivation) is not allowed in Hydra at present. If you are packaging something outside nixpkgs, those can be considered ### npmlock2nix {#javascript-npmlock2nix} -[npmlock2nix](https://github.com/nix-community/npmlock2nix) aims at building node_modules without code generation. It hasn't reached v1 yet, the api might be subject to change. +[npmlock2nix](https://github.com/nix-community/npmlock2nix) aims at building node_modules without code generation. It hasn't reached v1 yet, the API might be subject to change. #### Pitfalls {#javascript-npmlock2nix-pitfalls} -- there are some [problems with npm v7](https://github.com/tweag/npmlock2nix/issues/45). +There are some [problems with npm v7](https://github.com/tweag/npmlock2nix/issues/45). ### nix-npm-buildpackage {#javascript-nix-npm-buildpackage} -[nix-npm-buildpackage](https://github.com/serokell/nix-npm-buildpackage) aims at building node_modules without code generation. It hasn't reached v1 yet, the api might change. It supports both package-lock.json and yarn.lock. +[nix-npm-buildpackage](https://github.com/serokell/nix-npm-buildpackage) aims at building node_modules without code generation. It hasn't reached v1 yet, the API might change. It supports both package-lock.json and yarn.lock. #### Pitfalls {#javascript-nix-npm-buildpackage-pitfalls} -- there are some [problems with npm v7](https://github.com/serokell/nix-npm-buildpackage/issues/33). +There are some [problems with npm v7](https://github.com/serokell/nix-npm-buildpackage/issues/33). diff --git a/nixpkgs/doc/languages-frameworks/maven.section.md b/nixpkgs/doc/languages-frameworks/maven.section.md index f53a6fa8ac22..cc5b4e3ed799 100644 --- a/nixpkgs/doc/languages-frameworks/maven.section.md +++ b/nixpkgs/doc/languages-frameworks/maven.section.md @@ -233,7 +233,8 @@ in stdenv.mkDerivation rec { src = builtins.fetchTarball "https://github.com/fzakaria/nixos-maven-example/archive/main.tar.gz"; - buildInputs = [ maven makeWrapper ]; + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ maven ]; buildPhase = '' echo "Using repository ${repository}" @@ -310,7 +311,8 @@ in stdenv.mkDerivation rec { src = builtins.fetchTarball "https://github.com/fzakaria/nixos-maven-example/archive/main.tar.gz"; - buildInputs = [ maven makeWrapper ]; + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ maven ]; buildPhase = '' echo "Using repository ${repository}" diff --git a/nixpkgs/doc/languages-frameworks/perl.section.md b/nixpkgs/doc/languages-frameworks/perl.section.md index 9bfd209fec5a..28a78cc23441 100644 --- a/nixpkgs/doc/languages-frameworks/perl.section.md +++ b/nixpkgs/doc/languages-frameworks/perl.section.md @@ -1,6 +1,6 @@ # Perl {#sec-language-perl} -## Running perl programs on the shell {#ssec-perl-running} +## Running Perl programs on the shell {#ssec-perl-running} When executing a Perl script, it is possible you get an error such as `./myscript.pl: bad interpreter: /usr/bin/perl: no such file or directory`. This happens when the script expects Perl to be installed at `/usr/bin/perl`, which is not the case when using Perl from nixpkgs. You can fix the script by changing the first line to: @@ -35,15 +35,16 @@ Perl packages from CPAN are defined in [pkgs/top-level/perl-packages.nix](https: ```nix ClassC3 = buildPerlPackage rec { - name = "Class-C3-0.21"; + pname = "Class-C3"; + version = "0.21"; src = fetchurl { - url = "mirror://cpan/authors/id/F/FL/FLORA/${name}.tar.gz"; + url = "mirror://cpan/authors/id/F/FL/FLORA/${pname}-${version}.tar.gz"; sha256 = "1bl8z095y4js66pwxnm7s853pi9czala4sqc743fdlnk27kq94gz"; }; }; ``` -Note the use of `mirror://cpan/`, and the `${name}` in the URL definition to ensure that the name attribute is consistent with the source that we’re actually downloading. Perl packages are made available in `all-packages.nix` through the variable `perlPackages`. For instance, if you have a package that needs `ClassC3`, you would typically write +Note the use of `mirror://cpan/`, and the `pname` and `version` in the URL definition to ensure that the `pname` attribute is consistent with the source that we’re actually downloading. Perl packages are made available in `all-packages.nix` through the variable `perlPackages`. For instance, if you have a package that needs `ClassC3`, you would typically write ```nix foo = import ../path/to/foo.nix { @@ -72,10 +73,11 @@ So what does `buildPerlPackage` do? It does the following: { buildPerlPackage, fetchurl, db }: buildPerlPackage rec { - name = "BerkeleyDB-0.36"; + pname = "BerkeleyDB"; + version = "0.36"; src = fetchurl { - url = "mirror://cpan/authors/id/P/PM/PMQS/${name}.tar.gz"; + url = "mirror://cpan/authors/id/P/PM/PMQS/${pname}-${version}.tar.gz"; sha256 = "07xf50riarb60l1h6m2dqmql8q5dij619712fsgw7ach04d8g3z1"; }; @@ -90,9 +92,10 @@ Dependencies on other Perl packages can be specified in the `buildInputs` and `p ```nix ClassC3Componentised = buildPerlPackage rec { - name = "Class-C3-Componentised-1.0004"; + pname = "Class-C3-Componentised"; + version = "1.0004"; src = fetchurl { - url = "mirror://cpan/authors/id/A/AS/ASH/${name}.tar.gz"; + url = "mirror://cpan/authors/id/A/AS/ASH/${pname}-${version}.tar.gz"; sha256 = "0xql73jkcdbq4q9m0b0rnca6nrlvf5hyzy8is0crdk65bynvs8q1"; }; propagatedBuildInputs = [ @@ -111,7 +114,7 @@ ImageExifTool = buildPerlPackage { version = "11.50"; src = fetchurl { - url = "https://www.sno.phy.queensu.ca/~phil/exiftool/Image-ExifTool-11.50.tar.gz"; + url = "https://www.sno.phy.queensu.ca/~phil/exiftool/${pname}-${version}.tar.gz"; sha256 = "0d8v48y94z8maxkmw1rv7v9m0jg2dc8xbp581njb6yhr7abwqdv3"; }; @@ -139,9 +142,10 @@ This program takes a Perl module name, looks it up on CPAN, fetches and unpacks ```ShellSession $ nix-generate-from-cpan XML::Simple XMLSimple = buildPerlPackage rec { - name = "XML-Simple-2.22"; + pname = "XML-Simple"; + version = "2.22"; src = fetchurl { - url = "mirror://cpan/authors/id/G/GR/GRANTM/${name}.tar.gz"; + url = "mirror://cpan/authors/id/G/GR/GRANTM/XML-Simple-2.22.tar.gz"; sha256 = "b9450ef22ea9644ae5d6ada086dc4300fa105be050a2030ebd4efd28c198eb49"; }; propagatedBuildInputs = [ XMLNamespaceSupport XMLSAX XMLSAXExpat ]; diff --git a/nixpkgs/doc/languages-frameworks/php.section.md b/nixpkgs/doc/languages-frameworks/php.section.md index 5977363323f1..8600e49d4570 100644 --- a/nixpkgs/doc/languages-frameworks/php.section.md +++ b/nixpkgs/doc/languages-frameworks/php.section.md @@ -9,7 +9,7 @@ wide variety of extensions and libraries available. The different versions of PHP that nixpkgs provides are located under attributes named based on major and minor version number; e.g., -`php74` is PHP 7.4. +`php81` is PHP 8.1. Only versions of PHP that are supported by upstream for the entirety of a given NixOS release will be included in that release of @@ -23,7 +23,7 @@ NixOS - not necessarily the latest major release from upstream. All available PHP attributes are wrappers around their respective binary PHP package and provide commonly used extensions this way. The real PHP 7.4 package, i.e. the unwrapped one, is available as -`php74.unwrapped`; see the next section for more details. +`php81.unwrapped`; see the next section for more details. Interactive tools built on PHP are put in `php.packages`; composer is for example available at `php.packages.composer`. diff --git a/nixpkgs/doc/languages-frameworks/python.section.md b/nixpkgs/doc/languages-frameworks/python.section.md index 693ea016e0a5..7fb8ba2e7c27 100644 --- a/nixpkgs/doc/languages-frameworks/python.section.md +++ b/nixpkgs/doc/languages-frameworks/python.section.md @@ -8,9 +8,9 @@ Several versions of the Python interpreter are available on Nix, as well as a high amount of packages. The attribute `python3` refers to the default -interpreter, which is currently CPython 3.9. The attribute `python` refers to +interpreter, which is currently CPython 3.10. The attribute `python` refers to CPython 2.7 for backwards-compatibility. It is also possible to refer to -specific versions, e.g. `python38` refers to CPython 3.8, and `pypy` refers to +specific versions, e.g. `python39` refers to CPython 3.9, and `pypy` refers to the default PyPy interpreter. Python is used a lot, and in different ways. This affects also how it is @@ -26,10 +26,10 @@ however, are in separate sets, with one set per interpreter version. The interpreters have several common attributes. One of these attributes is `pkgs`, which is a package set of Python libraries for this specific interpreter. E.g., the `toolz` package corresponding to the default interpreter -is `python.pkgs.toolz`, and the CPython 3.8 version is `python38.pkgs.toolz`. +is `python.pkgs.toolz`, and the CPython 3.9 version is `python39.pkgs.toolz`. The main package set contains aliases to these package sets, e.g. -`pythonPackages` refers to `python.pkgs` and `python38Packages` to -`python38.pkgs`. +`pythonPackages` refers to `python.pkgs` and `python39Packages` to +`python39.pkgs`. #### Installing Python and packages {#installing-python-and-packages} @@ -54,7 +54,7 @@ with `python.buildEnv` or `python.withPackages` where the interpreter and other executables are wrapped to be able to find each other and all of the modules. In the following examples we will start by creating a simple, ad-hoc environment -with a nix-shell that has `numpy` and `toolz` in Python 3.8; then we will create +with a nix-shell that has `numpy` and `toolz` in Python 3.9; then we will create a re-usable environment in a single-file Python script; then we will create a full Python environment for development with this same environment. @@ -70,10 +70,10 @@ temporary shell session with a Python and a *precise* list of packages (plus their runtime dependencies), with no other Python packages in the Python interpreter's scope. -To create a Python 3.8 session with `numpy` and `toolz` available, run: +To create a Python 3.9 session with `numpy` and `toolz` available, run: ```sh -$ nix-shell -p 'python38.withPackages(ps: with ps; [ numpy toolz ])' +$ nix-shell -p 'python39.withPackages(ps: with ps; [ numpy toolz ])' ``` By default `nix-shell` will start a `bash` session with this interpreter in our @@ -81,8 +81,8 @@ By default `nix-shell` will start a `bash` session with this interpreter in our ```Python console [nix-shell:~/src/nixpkgs]$ python3 -Python 3.8.1 (default, Dec 18 2019, 19:06:26) -[GCC 9.2.0] on linux +Python 3.9.12 (main, Mar 23 2022, 21:36:19) +[GCC 11.3.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import numpy; import toolz ``` @@ -102,13 +102,16 @@ will still get 1 wrapped Python interpreter. We can start the interpreter directly like so: ```sh -$ nix-shell -p 'python38.withPackages(ps: with ps; [ numpy toolz requests ])' --run python3 -these derivations will be built: - /nix/store/xbdsrqrsfa1yva5s7pzsra8k08gxlbz1-python3-3.8.1-env.drv -building '/nix/store/xbdsrqrsfa1yva5s7pzsra8k08gxlbz1-python3-3.8.1-env.drv'... -created 277 symlinks in user environment -Python 3.8.1 (default, Dec 18 2019, 19:06:26) -[GCC 9.2.0] on linux +$ nix-shell -p "python39.withPackages (ps: with ps; [ numpy toolz requests ])" --run python3 +this derivation will be built: + /nix/store/mpn7k6bkjl41fm51342rafaqfsl10qs4-python3-3.9.12-env.drv +this path will be fetched (0.09 MiB download, 0.41 MiB unpacked): + /nix/store/5gaiacnzi096b6prc6aa1pwrhncmhc8b-python3.9-toolz-0.11.2 +copying path '/nix/store/5gaiacnzi096b6prc6aa1pwrhncmhc8b-python3.9-toolz-0.11.2' from 'https://cache.nixos.org'... +building '/nix/store/mpn7k6bkjl41fm51342rafaqfsl10qs4-python3-3.9.12-env.drv'... +created 279 symlinks in user environment +Python 3.9.12 (main, Mar 23 2022, 21:36:19) +[GCC 11.3.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import requests >>> @@ -147,7 +150,7 @@ Executing this script requires a `python3` that has `numpy`. Using what we learn in the previous section, we could startup a shell and just run it like so: ```ShellSession -$ nix-shell -p 'python38.withPackages(ps: with ps; [ numpy ])' --run 'python3 foo.py' +$ nix-shell -p 'python39.withPackages(ps: with ps; [ numpy ])' --run 'python3 foo.py' The dot product of [1 2] and [3 4] is: 11 ``` @@ -210,12 +213,12 @@ create a single script with Python dependencies, but in the course of normal development we're usually working in an entire package repository. As explained in the Nix manual, `nix-shell` can also load an expression from a -`.nix` file. Say we want to have Python 3.8, `numpy` and `toolz`, like before, +`.nix` file. Say we want to have Python 3.9, `numpy` and `toolz`, like before, in an environment. We can add a `shell.nix` file describing our dependencies: ```nix with import <nixpkgs> {}; -(python38.withPackages (ps: [ps.numpy ps.toolz])).env +(python39.withPackages (ps: [ps.numpy ps.toolz])).env ``` And then at the command line, just typing `nix-shell` produces the same @@ -229,7 +232,7 @@ What's happening here? imports the `<nixpkgs>` function, `{}` calls it and the `with` statement brings all attributes of `nixpkgs` in the local scope. These attributes form the main package set. -2. Then we create a Python 3.8 environment with the `withPackages` function, as before. +2. Then we create a Python 3.9 environment with the `withPackages` function, as before. 3. The `withPackages` function expects us to provide a function as an argument that takes the set of all Python packages and returns a list of packages to include in the environment. Here, we select the packages `numpy` and `toolz` @@ -240,7 +243,7 @@ To combine this with `mkShell` you can: ```nix with import <nixpkgs> {}; let - pythonEnv = python38.withPackages (ps: [ + pythonEnv = python39.withPackages (ps: [ ps.numpy ps.toolz ]); @@ -288,7 +291,7 @@ self: super: { ps: with ps; [ pyflakes pytest - python-language-server + black ] )) @@ -378,8 +381,8 @@ information. The output of the function is a derivation. An expression for `toolz` can be found in the Nixpkgs repository. As explained in the introduction of this Python section, a derivation of `toolz` is available -for each interpreter version, e.g. `python38.pkgs.toolz` refers to the `toolz` -derivation corresponding to the CPython 3.8 interpreter. +for each interpreter version, e.g. `python39.pkgs.toolz` refers to the `toolz` +derivation corresponding to the CPython 3.9 interpreter. The above example works when you're directly working on `pkgs/top-level/python-packages.nix` in the Nixpkgs repository. Often though, @@ -392,11 +395,11 @@ and adds it along with a `numpy` package to a Python environment. with import <nixpkgs> {}; ( let - my_toolz = python38.pkgs.buildPythonPackage rec { + my_toolz = python39.pkgs.buildPythonPackage rec { pname = "toolz"; version = "0.10.0"; - src = python38.pkgs.fetchPypi { + src = python39.pkgs.fetchPypi { inherit pname version; sha256 = "08fdd5ef7c96480ad11c12d472de21acd32359996f69a5259299b540feba4560"; }; @@ -414,7 +417,7 @@ with import <nixpkgs> {}; ``` Executing `nix-shell` will result in an environment in which you can use -Python 3.8 and the `toolz` package. As you can see we had to explicitly mention +Python 3.9 and the `toolz` package. As you can see we had to explicitly mention for which Python version we want to build a package. So, what did we do here? Well, we took the Nix expression that we used earlier @@ -599,10 +602,10 @@ been removed, in this case, it's recommended to use `pytestCheckHook`. #### Using pytestCheckHook {#using-pytestcheckhook} `pytestCheckHook` is a convenient hook which will substitute the setuptools -`test` command for a checkPhase which runs `pytest`. This is also beneficial +`test` command for a `checkPhase` which runs `pytest`. This is also beneficial when a package may need many items disabled to run the test suite. -Using the example above, the analagous pytestCheckHook usage would be: +Using the example above, the analagous `pytestCheckHook` usage would be: ``` checkInputs = [ pytestCheckHook ]; @@ -621,7 +624,7 @@ Using the example above, the analagous pytestCheckHook usage would be: ]; ``` -This is expecially useful when tests need to be conditionallydisabled, +This is expecially useful when tests need to be conditionally disabled, for example: ``` @@ -637,31 +640,99 @@ for example: "socket" ]; ``` -Trying to concatenate the related strings to disable tests in a regular checkPhase -would be much harder to read. This also enables us to comment on why specific tests -are disabled. + +Trying to concatenate the related strings to disable tests in a regular +`checkPhase` would be much harder to read. This also enables us to comment on +why specific tests are disabled. #### Using pythonImportsCheck {#using-pythonimportscheck} -Although unit tests are highly prefered to validate correctness of a package, not -all packages have test suites that can be ran easily, and some have none at all. +Although unit tests are highly preferred to validate correctness of a package, not +all packages have test suites that can be run easily, and some have none at all. To help ensure the package still works, `pythonImportsCheck` can attempt to import the listed modules. ``` pythonImportsCheck = [ "requests" "urllib" ]; ``` + roughly translates to: + ``` postCheck = '' PYTHONPATH=$out/${python.sitePackages}:$PYTHONPATH python -c "import requests; import urllib" ''; ``` -However, this is done in it's own phase, and not dependent on whether `doCheck = true;` + +However, this is done in its own phase, and not dependent on whether `doCheck = true;`. This can also be useful in verifying that the package doesn't assume commonly -present packages (e.g. `setuptools`) +present packages (e.g. `setuptools`). + +#### Using pythonRelaxDepsHook {#using-pythonrelaxdepshook} + +It is common for upstream to specify a range of versions for its package +dependencies. This makes sense, since it ensures that the package will be built +with a subset of packages that is well tested. However, this commonly causes +issues when packaging in Nixpkgs, because the dependencies that this package +may need are too new or old for the package to build correctly. We also cannot +package multiple versions of the same package since this may cause conflicts +in `PYTHONPATH`. + +One way to side step this issue is to relax the dependencies. This can be done +by either removing the package version range or by removing the package +declaration entirely. This can be done using the `pythonRelaxDepsHook` hook. For +example, given the following `requirements.txt` file: + +``` +pkg1<1.0 +pkg2 +pkg3>=1.0,<=2.0 +``` + +we can do: + +``` + nativeBuildInputs = [ pythonRelaxDepsHook ]; + pythonRelaxDeps = [ "pkg1" "pkg3" ]; + pythonRemoveDeps = [ "pkg2" ]; +``` + +which would result in the following `requirements.txt` file: + +``` +pkg1 +pkg3 +``` + +Another option is to pass `true`, that will relax/remove all dependencies, for +example: + +``` + nativeBuildInputs = [ pythonRelaxDepsHook ]; + pythonRelaxDeps = true; +``` + +which would result in the following `requirements.txt` file: + +``` +pkg1 +pkg2 +pkg3 +``` + +In general you should always use `pythonRelaxDeps`, because `pythonRemoveDeps` +will convert build errors into runtime errors. However `pythonRemoveDeps` may +still be useful in exceptional cases, and also to remove dependencies wrongly +declared by upstream (for example, declaring `black` as a runtime dependency +instead of a dev dependency). + +Keep in mind that while the examples above are done with `requirements.txt`, +`pythonRelaxDepsHook` works by modifying the resulting wheel file, so it should +work in any of the formats supported by `buildPythonPackage` currently, +with the exception of `other` (see `format` in +[`buildPythonPackage` parameters](#buildpythonpackage-parameters) for more details). ### Develop local package {#develop-local-package} @@ -671,14 +742,14 @@ creates a special link to the project code. That way, you can run updated code without having to reinstall after each and every change you make. Development mode is also available. Let's see how you can use it. -In the previous Nix expression the source was fetched from an url. We can also +In the previous Nix expression the source was fetched from a url. We can also refer to a local source instead using `src = ./path/to/source/tree;` If we create a `shell.nix` file which calls `buildPythonPackage`, and if `src` is a local source, and if the local source has a `setup.py`, then development mode is activated. -In the following example we create a simple environment that has a Python 3.8 +In the following example, we create a simple environment that has a Python 3.9 version of our package in it, as well as its dependencies and other packages we like to have in the environment, all specified with `propagatedBuildInputs`. Indeed, we can just add any package we like to have in our environment to @@ -686,7 +757,7 @@ Indeed, we can just add any package we like to have in our environment to ```nix with import <nixpkgs> {}; -with python38Packages; +with python39Packages; buildPythonPackage rec { name = "mypackage"; @@ -764,9 +835,9 @@ and in this case the `python38` interpreter is automatically used. ### Interpreters {#interpreters} -Versions 2.7, 3.7, 3.8 and 3.9 of the CPython interpreter are available as -respectively `python27`, `python37`, `python38` and `python39`. The -aliases `python2` and `python3` correspond to respectively `python27` and +Versions 2.7, 3.7, 3.8, 3.9 and 3.10 of the CPython interpreter are available +as respectively `python27`, `python37`, `python38`, `python39` and `python310`. +The aliases `python2` and `python3` correspond to respectively `python27` and `python39`. The attribute `python` maps to `python2`. The PyPy interpreters compatible with Python 2.7 and 3 are available as `pypy27` and `pypy3`, with aliases `pypy2` mapping to `pypy27` and `pypy` mapping to `pypy2`. The Nix @@ -795,7 +866,7 @@ Each interpreter has the following attributes: ### Optimizations {#optimizations} -The Python interpreters are by default not build with optimizations enabled, because +The Python interpreters are by default not built with optimizations enabled, because the builds are in that case not reproducible. To enable optimizations, override the interpreter of interest, e.g using @@ -846,7 +917,7 @@ and the aliases #### `buildPythonPackage` function {#buildpythonpackage-function} The `buildPythonPackage` function is implemented in -`pkgs/development/interpreters/python/mk-python-derivation` +`pkgs/development/interpreters/python/mk-python-derivation.nix` using setup hooks. The following is an example: @@ -887,7 +958,7 @@ The `buildPythonPackage` mainly does four things: * In the `postFixup` phase, the `wrapPythonPrograms` bash function is called to wrap all programs in the `$out/bin/*` directory to include `$PATH` environment variable and add dependent libraries to script's `sys.path`. -* In the `installCheck` phase, `${python.interpreter} setup.py test` is ran. +* In the `installCheck` phase, `${python.interpreter} setup.py test` is run. By default tests are run because `doCheck = true`. Test dependencies, like e.g. the test runner, should be added to `checkInputs`. @@ -902,7 +973,7 @@ following are specific to `buildPythonPackage`: * `catchConflicts ? true`: If `true`, abort package build if a package name appears more than once in dependency tree. Default is `true`. -* `disabled` ? false: If `true`, package is not built for the particular Python +* `disabled ? false`: If `true`, package is not built for the particular Python interpreter version. * `dontWrapPythonPrograms ? false`: Skip wrapping of Python programs. * `permitUserSite ? false`: Skip setting the `PYTHONNOUSERSITE` environment @@ -982,12 +1053,13 @@ in python.withPackages(ps: [ps.blaze])).env #### Optional extra dependencies Some packages define optional dependencies for additional features. With -`setuptools` this is called `extras_require` and `flit` calls it `extras-require`. A +`setuptools` this is called `extras_require` and `flit` calls it +`extras-require`, while PEP 621 calls these `optional-dependencies`. A method for supporting this is by declaring the extras of a package in its `passthru`, e.g. in case of the package `dask` ```nix -passthru.extras-require = { +passthru.optional-dependencies = { complete = [ distributed ]; }; ``` @@ -997,7 +1069,7 @@ and letting the package requiring the extra add the list to its dependencies ```nix propagatedBuildInputs = [ ... -] ++ dask.extras-require.complete; +] ++ dask.optional-dependencies.complete; ``` Note this method is preferred over adding parameters to builders, as that can @@ -1196,6 +1268,8 @@ are used in `buildPythonPackage`. to run commands only after venv is first created. - `wheelUnpackHook` to move a wheel to the correct folder so it can be installed with the `pipInstallHook`. +- `pythonRelaxDepsHook` will relax Python dependencies restrictions for the package. + See [example usage](#using-pythonrelaxdepshook). ### Development mode {#development-mode} @@ -1351,7 +1425,8 @@ in newpkgs.inkscape ### `python setup.py bdist_wheel` cannot create .whl {#python-setup.py-bdist_wheel-cannot-create-.whl} -Executing `python setup.py bdist_wheel` in a `nix-shell `fails with +Executing `python setup.py bdist_wheel` in a `nix-shell`fails with + ``` ValueError: ZIP does not support timestamps before 1980 ``` @@ -1443,7 +1518,7 @@ in pkgs.mkShell rec { # the environment. pythonPackages.python - # This execute some shell code to initialize a venv in $venvDir before + # This executes some shell code to initialize a venv in $venvDir before # dropping into the shell pythonPackages.venvShellHook @@ -1589,6 +1664,26 @@ self: super: { } ``` +### How to override a Python package for all Python versions using extensions? {#how-to-override-a-python-package-for-all-python-versions-using-extensions} + +The following overlay overrides the call to `buildPythonPackage` for the +`foo` package for all interpreters by appending a Python extension to the +`pythonPackagesExtensions` list of extensions. + +```nix +final: prev: { + pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [ + ( + python-final: python-prev: { + foo = python-prev.foo.overridePythonAttrs (oldAttrs: { + ... + }); + } + ) + ]; +} +``` + ### How to use Intel’s MKL with numpy and scipy? {#how-to-use-intels-mkl-with-numpy-and-scipy} MKL can be configured using an overlay. See the section "[Using overlays to diff --git a/nixpkgs/doc/languages-frameworks/ruby.section.md b/nixpkgs/doc/languages-frameworks/ruby.section.md index e29f97c566c1..d1265097d206 100644 --- a/nixpkgs/doc/languages-frameworks/ruby.section.md +++ b/nixpkgs/doc/languages-frameworks/ruby.section.md @@ -274,7 +274,7 @@ bundlerApp { gemdir = ./.; exes = [ "r10k" ]; - buildInputs = [ makeWrapper ]; + nativeBuildInputs = [ makeWrapper ]; postBuild = '' wrapProgram $out/bin/r10k --prefix PATH : ${lib.makeBinPath [ git gnutar gzip ]} diff --git a/nixpkgs/doc/languages-frameworks/vim.section.md b/nixpkgs/doc/languages-frameworks/vim.section.md index 563fdf45a861..ec0e60389155 100644 --- a/nixpkgs/doc/languages-frameworks/vim.section.md +++ b/nixpkgs/doc/languages-frameworks/vim.section.md @@ -5,11 +5,9 @@ and additional libraries. Loading can be deferred; see examples. -At the moment we support three different methods for managing plugins: +At the moment we support two different methods for managing plugins: -- Vim packages (*recommend*) -- VAM (=vim-addon-manager) -- Pathogen +- Vim packages (*recommended*) - vim-plug ## Custom configuration {#custom-configuration} @@ -45,7 +43,7 @@ neovim.override { ``` If you want to use `neovim-qt` as a graphical editor, you can configure it by overriding Neovim in an overlay -or passing it an overridden Neovimn: +or passing it an overridden Neovim: ```nix neovim-qt.override { @@ -61,7 +59,7 @@ neovim-qt.override { ## Managing plugins with Vim packages {#managing-plugins-with-vim-packages} -To store you plugins in Vim packages (the native Vim plugin manager, see `:help packages`) the following example can be used: +To store your plugins in Vim packages (the native Vim plugin manager, see `:help packages`) the following example can be used: ```nix vim_configurable.customize { @@ -110,7 +108,7 @@ The resulting package can be added to `packageOverrides` in `~/.nixpkgs/config.n }; myNeovim = neovim.override { configure = { - # add here code from the example section + # add code from the example section here }; }; }; @@ -158,10 +156,10 @@ in ``` ### Specificities for some plugins -#### Tree sitter +#### Treesitter By default `nvim-treesitter` encourages you to download, compile and install -the required tree-sitter grammars at run time with `:TSInstall`. This works +the required Treesitter grammars at run time with `:TSInstall`. This works poorly on NixOS. Instead, to install the `nvim-treesitter` plugins with a set of precompiled grammars, you can use `nvim-treesitter.withPlugins` function: @@ -204,7 +202,7 @@ For Neovim the syntax is: neovim.override { configure = { customRC = '' - # here your custom configuration goes! + # your custom configuration goes here! ''; plug.plugins = with pkgs.vimPlugins; [ vim-go @@ -213,103 +211,6 @@ neovim.override { } ``` -## Managing plugins with VAM {#managing-plugins-with-vam} - -### Handling dependencies of Vim plugins {#handling-dependencies-of-vim-plugins} - -VAM introduced .json files supporting dependencies without versioning -assuming that "using latest version" is ok most of the time. - -### Example {#example} - -First create a vim-scripts file having one plugin name per line. Example: - -```vim -"tlib" -{'name': 'vim-addon-sql'} -{'filetype_regex': '\%(vim)$', 'names': ['reload', 'vim-dev-plugin']} -``` - -Such vim-scripts file can be read by VAM as well like this: - -```vim -call vam#Scripts(expand('~/.vim-scripts'), {}) -``` - -Create a default.nix file: - -```nix -{ nixpkgs ? import <nixpkgs> {}, compiler ? "ghc7102" }: -nixpkgs.vim_configurable.customize { name = "vim"; vimrcConfig.vam.pluginDictionaries = [ "vim-addon-vim2nix" ]; } -``` - -Create a generate.vim file: - -```vim -ActivateAddons vim-addon-vim2nix -let vim_scripts = "vim-scripts" -call nix#ExportPluginsForNix({ -\ 'path_to_nixpkgs': eval('{"'.substitute(substitute(substitute($NIX_PATH, ':', ',', 'g'), '=',':', 'g'), '\([:,]\)', '"\1"',"g").'"}')["nixpkgs"], -\ 'cache_file': '/tmp/vim2nix-cache', -\ 'try_catch': 0, -\ 'plugin_dictionaries': ["vim-addon-manager"]+map(readfile(vim_scripts), 'eval(v:val)') -\ }) -``` - -Then run - -```bash -nix-shell -p vimUtils.vim_with_vim2nix --command "vim -c 'source generate.vim'" -``` - -You should get a Vim buffer with the nix derivations (output1) and vam.pluginDictionaries (output2). -You can add your Vim to your system's configuration file like this and start it by "vim-my": - -```nix -my-vim = - let plugins = let inherit (vimUtils) buildVimPluginFrom2Nix; in { - copy paste output1 here - }; in vim_configurable.customize { - name = "vim-my"; - - vimrcConfig.vam.knownPlugins = plugins; # optional - vimrcConfig.vam.pluginDictionaries = [ - copy paste output2 here - ]; - - # Pathogen would be - # vimrcConfig.pathogen.knownPlugins = plugins; # plugins - # vimrcConfig.pathogen.pluginNames = ["tlib"]; - }; -``` - -Sample output1: - -```nix -"reload" = buildVimPluginFrom2Nix { # created by nix#NixDerivation - name = "reload"; - src = fetchgit { - url = "https://github.com/xolox/vim-reload"; - rev = "0a601a668727f5b675cb1ddc19f6861f3f7ab9e1"; - sha256 = "0vb832l9yxj919f5hfg6qj6bn9ni57gnjd3bj7zpq7d4iv2s4wdh"; - }; - dependencies = ["nim-misc"]; - -}; -[...] -``` - -Sample output2: - -```nix -[ - ''vim-addon-manager'' - ''tlib'' - { "name" = ''vim-addon-sql''; } - { "filetype_regex" = ''\%(vim)$$''; "names" = [ ''reload'' ''vim-dev-plugin'' ]; } -] -``` - ## Adding new plugins to nixpkgs {#adding-new-plugins-to-nixpkgs} Nix expressions for Vim plugins are stored in [pkgs/applications/editors/vim/plugins](https://github.com/NixOS/nixpkgs/tree/master/pkgs/applications/editors/vim/plugins). For the vast majority of plugins, Nix expressions are automatically generated by running [`./update.py`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/update.py). This creates a [generated.nix](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/generated.nix) file based on the plugins listed in [vim-plugin-names](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/vim-plugin-names). Plugins are listed in alphabetical order in `vim-plugin-names` using the format `[github username]/[repository]@[gitref]`. For example https://github.com/scrooloose/nerdtree becomes `scrooloose/nerdtree`. @@ -326,7 +227,7 @@ Sometimes plugins require an override that must be changed when the plugin is up To add a new plugin, run `./update.py --add "[owner]/[name]"`. **NOTE**: This script automatically commits to your git repository. Be sure to check out a fresh branch before running. -Finally, there are some plugins that are also packaged in nodePackages because they have Javascript-related build steps, such as running webpack. Those plugins are not listed in `vim-plugin-names` or managed by `update.py` at all, and are included separately in `overrides.nix`. Currently, all these plugins are related to the `coc.nvim` ecosystem of Language Server Protocol integration with vim/neovim. +Finally, there are some plugins that are also packaged in nodePackages because they have Javascript-related build steps, such as running webpack. Those plugins are not listed in `vim-plugin-names` or managed by `update.py` at all, and are included separately in `overrides.nix`. Currently, all these plugins are related to the `coc.nvim` ecosystem of the Language Server Protocol integration with vim/neovim. ## Updating plugins in nixpkgs {#updating-plugins-in-nixpkgs} diff --git a/nixpkgs/doc/manual.xml b/nixpkgs/doc/manual.xml index b43021d85ca5..ccbaf40586d1 100644 --- a/nixpkgs/doc/manual.xml +++ b/nixpkgs/doc/manual.xml @@ -25,8 +25,10 @@ <title>Builders</title> <xi:include href="builders/fetchers.chapter.xml" /> <xi:include href="builders/trivial-builders.chapter.xml" /> + <xi:include href="builders/testers.chapter.xml" /> <xi:include href="builders/special.xml" /> <xi:include href="builders/images.xml" /> + <xi:include href="hooks/index.xml" /> <xi:include href="languages-frameworks/index.xml" /> <xi:include href="builders/packages/index.xml" /> </part> diff --git a/nixpkgs/doc/release-notes.xml b/nixpkgs/doc/release-notes.xml deleted file mode 100644 index a15f54667290..000000000000 --- a/nixpkgs/doc/release-notes.xml +++ /dev/null @@ -1,650 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<article xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink"> - <title>Nixpkgs Release Notes</title> - <section xml:id="release-notes-0.14"> - <title>Release 0.14 (June 4, 2012)</title> - - <para> - In preparation for the switch from Subversion to Git, this release is mainly the prevent the Nixpkgs version number from going backwards. (This would happen because prerelease version numbers produced for the Git repository are lower than those for the Subversion repository.) - </para> - - <para> - Since the last release, there have been thousands of changes and new packages by numerous contributors. For details, see the commit logs. - </para> - </section> - <section xml:id="release-notes-0.13"> - <title>Release 0.13 (February 5, 2010)</title> - - <para> - As always, there are many changes. Some of the most important updates are: - <itemizedlist> - <listitem> - <para> - Glibc 2.9. - </para> - </listitem> - <listitem> - <para> - GCC 4.3.3. - </para> - </listitem> - <listitem> - <para> - Linux 2.6.32. - </para> - </listitem> - <listitem> - <para> - X.org 7.5. - </para> - </listitem> - <listitem> - <para> - KDE 4.3.4. - </para> - </listitem> - </itemizedlist> - </para> - </section> - <section xml:id="release-notes-0.12"> - <title>Release 0.12 (April 24, 2009)</title> - - <para> - There are way too many additions to Nixpkgs since the last release to list here: for example, the number of packages on Linux has increased from 1002 to 2159. However, some specific improvements are worth listing: - <itemizedlist> - <listitem> - <para> - Nixpkgs now has a manual. In particular, it describes the standard build environment in detail. - </para> - </listitem> - <listitem> - <para> - Major new packages: - <itemizedlist> - <listitem> - <para> - KDE 4. - </para> - </listitem> - <listitem> - <para> - TeXLive. - </para> - </listitem> - <listitem> - <para> - VirtualBox. - </para> - </listitem> - </itemizedlist> - … and many others. - </para> - </listitem> - <listitem> - <para> - Important updates: - <itemizedlist> - <listitem> - <para> - Glibc 2.7. - </para> - </listitem> - <listitem> - <para> - GCC 4.2.4. - </para> - </listitem> - <listitem> - <para> - Linux 2.6.25 — 2.6.28. - </para> - </listitem> - <listitem> - <para> - Firefox 3. - </para> - </listitem> - <listitem> - <para> - X.org 7.3. - </para> - </listitem> - </itemizedlist> - </para> - </listitem> - <listitem> - <para> - Support for building derivations in a virtual machine, including RPM and Debian builds in automatically generated VM images. See <filename>pkgs/build-support/vm/default.nix</filename> for details. - </para> - </listitem> - <listitem> - <para> - Improved support for building Haskell packages. - </para> - </listitem> - </itemizedlist> - </para> - - <para> - The following people contributed to this release: Andres Löh, Arie Middelkoop, Armijn Hemel, Eelco Dolstra, Lluís Batlle, Ludovic Courtès, Marc Weber, Mart Kolthof, Martin Bravenboer, Michael Raskin, Nicolas Pierron, Peter Simons, Pjotr Prins, Rob Vermaas, Sander van der Burg, Tobias Hammerschmidt, Valentin David, Wouter den Breejen and Yury G. Kudryashov. In addition, several people contributed patches on the <literal>nix-dev</literal> mailing list. - </para> - </section> - <section xml:id="release-notes-0.11"> - <title>Release 0.11 (September 11, 2007)</title> - - <para> - This release has the following improvements: - <itemizedlist> - <listitem> - <para> - The standard build environment (<literal>stdenv</literal>) is now pure on the <literal>x86_64-linux</literal> and <literal>powerpc-linux</literal> platforms, just as on <literal>i686-linux</literal>. (Purity means that building and using the standard environment has no dependencies outside of the Nix store. For instance, it doesn’t require an external C compiler such as <filename>/usr/bin/gcc</filename>.) Also, the statically linked binaries used in the bootstrap process are now automatically reproducible, making it easy to update the bootstrap tools and to add support for other Linux platforms. See <filename>pkgs/stdenv/linux/make-bootstrap-tools.nix</filename> for details. - </para> - </listitem> - <listitem> - <para> - Hook variables in the generic builder are now executed using the <function>eval</function> shell command. This has a major advantage: you can write hooks directly in Nix expressions. For instance, rather than writing a builder like this: -<programlisting> -source $stdenv/setup - -postInstall=postInstall -postInstall() { - ln -sf gzip $out/bin/gunzip - ln -sf gzip $out/bin/zcat -} - -genericBuild</programlisting> - (the <literal>gzip</literal> builder), you can just add this attribute to the derivation: -<programlisting> -postInstall = "ln -sf gzip $out/bin/gunzip; ln -sf gzip $out/bin/zcat";</programlisting> - and so a separate build script becomes unnecessary. This should allow us to get rid of most builders in Nixpkgs. - </para> - </listitem> - <listitem> - <para> - It is now possible to have the generic builder pass arguments to <command>configure</command> and <command>make</command> that contain whitespace. Previously, for example, you could say in a builder, -<programlisting> -configureFlags="CFLAGS=-O0"</programlisting> - but not -<programlisting> -configureFlags="CFLAGS=-O0 -g"</programlisting> - since the <literal>-g</literal> would be interpreted as a separate argument to <command>configure</command>. Now you can say -<programlisting> -configureFlagsArray=("CFLAGS=-O0 -g")</programlisting> - or similarly -<programlisting> -configureFlagsArray=("CFLAGS=-O0 -g" "LDFLAGS=-L/foo -L/bar")</programlisting> - which does the right thing. Idem for <literal>makeFlags</literal>, <literal>installFlags</literal>, <literal>checkFlags</literal> and <literal>distFlags</literal>. - </para> - <para> - Unfortunately you can't pass arrays to Bash through the environment, so you can't put the array above in a Nix expression, e.g., -<programlisting> -configureFlagsArray = ["CFLAGS=-O0 -g"];</programlisting> - since it would just be flattened to a since string. However, you <emphasis>can</emphasis> use the inline hooks described above: -<programlisting> -preConfigure = "configureFlagsArray=(\"CFLAGS=-O0 -g\")";</programlisting> - </para> - </listitem> - <listitem> - <para> - The function <function>fetchurl</function> now has support for two different kinds of mirroring of files. First, it has support for <emphasis>content-addressable mirrors</emphasis>. For example, given the <function>fetchurl</function> call -<programlisting> -fetchurl { - url = "http://releases.mozilla.org/<replaceable>...</replaceable>/firefox-2.0.0.6-source.tar.bz2"; - sha1 = "eb72f55e4a8bf08e8c6ef227c0ade3d068ba1082"; -}</programlisting> - <function>fetchurl</function> will first try to download this file from <link - xlink:href="http://tarballs.nixos.org/sha1/eb72f55e4a8bf08e8c6ef227c0ade3d068ba1082"/>. If that file doesn’t exist, it will try the original URL. In general, the “content-addressed” location is <replaceable>mirror</replaceable><literal>/</literal><replaceable>hash-type</replaceable><literal>/</literal><replaceable>hash</replaceable>. There is currently only one content-addressable mirror (<link - xlink:href="http://tarballs.nixos.org"/>), but more can be specified in the <varname>hashedMirrors</varname> attribute in <filename>pkgs/build-support/fetchurl/mirrors.nix</filename>, or by setting the <envar>NIX_HASHED_MIRRORS</envar> environment variable to a whitespace-separated list of URLs. - </para> - <para> - Second, <function>fetchurl</function> has support for widely-mirrored distribution sites such as SourceForge or the Linux kernel archives. Given a URL of the form <literal>mirror://<replaceable>site</replaceable>/<replaceable>path</replaceable></literal>, it will try to download <replaceable>path</replaceable> from a configurable list of mirrors for <replaceable>site</replaceable>. (This idea was borrowed from Gentoo Linux.) Example: -<programlisting> -fetchurl { - url = mirror://gnu/gcc/gcc-4.2.0/gcc-core-4.2.0.tar.bz2; - sha256 = "0ykhzxhr8857dr97z0j9wyybfz1kjr71xk457cfapfw5fjas4ny1"; -}</programlisting> - Currently <replaceable>site</replaceable> can be <literal>sourceforge</literal>, <literal>gnu</literal> and <literal>kernel</literal>. The list of mirrors is defined in <filename>pkgs/build-support/fetchurl/mirrors.nix</filename>. You can override the list of mirrors for a particular site by setting the environment variable <envar>NIX_MIRRORS_<replaceable>site</replaceable></envar>, e.g. -<programlisting> -export NIX_MIRRORS_sourceforge=http://osdn.dl.sourceforge.net/sourceforge/</programlisting> - </para> - </listitem> - <listitem> - <para> - Important updates: - <itemizedlist> - <listitem> - <para> - Glibc 2.5. - </para> - </listitem> - <listitem> - <para> - GCC 4.1.2. - </para> - </listitem> - <listitem> - <para> - Gnome 2.16.3. - </para> - </listitem> - <listitem> - <para> - X11R7.2. - </para> - </listitem> - <listitem> - <para> - Linux 2.6.21.7 and 2.6.22.6. - </para> - </listitem> - <listitem> - <para> - Emacs 22.1. - </para> - </listitem> - </itemizedlist> - </para> - </listitem> - <listitem> - <para> - Major new packages: - <itemizedlist> - <listitem> - <para> - KDE 3.5.6 Base. - </para> - </listitem> - <listitem> - <para> - Wine 0.9.43. - </para> - </listitem> - <listitem> - <para> - OpenOffice 2.2.1. - </para> - </listitem> - <listitem> - <para> - Many Linux system packages to support NixOS. - </para> - </listitem> - </itemizedlist> - </para> - </listitem> - </itemizedlist> - </para> - - <para> - The following people contributed to this release: Andres Löh, Arie Middelkoop, Armijn Hemel, Eelco Dolstra, Marc Weber, Mart Kolthof, Martin Bravenboer, Michael Raskin, Wouter den Breejen and Yury G. Kudryashov. - </para> - </section> - <section xml:id="release-notes-0.10"> - <title>Release 0.10 (October 12, 2006)</title> - - <note> - <para> - This release of Nixpkgs requires <link -xlink:href='https://nixos.org/releases/nix/nix-0.10/'>Nix 0.10</link> or higher. - </para> - </note> - - <para> - This release has the following improvements: - </para> - - <itemizedlist> - <listitem> - <para> - <filename>pkgs/system/all-packages-generic.nix</filename> is gone, we now just have <filename>pkgs/top-level/all-packages.nix</filename> that contains all available packages. This should cause much less confusion with users. <filename>all-packages.nix</filename> is a function that by default returns packages for the current platform, but you can override this by specifying a different <varname>system</varname> argument. - </para> - </listitem> - <listitem> - <para> - Certain packages in Nixpkgs are now user-configurable through a configuration file, i.e., without having to edit the Nix expressions in Nixpkgs. For instance, the Firefox provided in the Nixpkgs channel is built without the RealPlayer plugin (for legal reasons). Previously, you could easily enable RealPlayer support by editing the call to the Firefox function in <filename>all-packages.nix</filename>, but such changes are not respected when Firefox is subsequently updated through the Nixpkgs channel. - </para> - <para> - The Nixpkgs configuration file (found in <filename>~/.nixpkgs/config.nix</filename> or through the <envar>NIXPKGS_CONFIG</envar> environment variable) is an attribute set that contains configuration options that <filename>all-packages.nix</filename> reads and uses for certain packages. For instance, the following configuration file: -<programlisting> -{ - firefox = { - enableRealPlayer = true; - }; -}</programlisting> - persistently enables RealPlayer support in the Firefox build. - </para> - <para> - (Actually, <literal>firefox.enableRealPlayer</literal> is the <emphasis>only</emphasis> configuration option currently available, but more are sure to be added.) - </para> - </listitem> - <listitem> - <para> - Support for new platforms: - <itemizedlist> - <listitem> - <para> - <literal>i686-cygwin</literal>, i.e., Windows (using <link xlink:href="http://www.cygwin.com/">Cygwin</link>). The standard environment on <literal>i686-cygwin</literal> by default builds binaries for the Cygwin environment (i.e., it uses Cygwin tools and produces executables that use the Cygwin library). However, there is also a standard environment that produces binaries that use <link - xlink:href="http://www.mingw.org/">MinGW</link>. You can use it by calling <filename>all-package.nix</filename> with the <varname>stdenvType</varname> argument set to <literal>"i686-mingw"</literal>. - </para> - </listitem> - <listitem> - <para> - <literal>i686-darwin</literal>, i.e., Mac OS X on Intel CPUs. - </para> - </listitem> - <listitem> - <para> - <literal>powerpc-linux</literal>. - </para> - </listitem> - <listitem> - <para> - <literal>x86_64-linux</literal>, i.e., Linux on 64-bit AMD/Intel CPUs. Unlike <literal>i686-linux</literal>, this platform doesn’t have a pure <literal>stdenv</literal> yet. - </para> - </listitem> - </itemizedlist> - </para> - </listitem> - <listitem> - <para> - The default compiler is now GCC 4.1.1. - </para> - </listitem> - <listitem> - <para> - X11 updated to X.org’s X11R7.1. - </para> - </listitem> - <listitem> - <para> - Notable new packages: - <itemizedlist> - <listitem> - <para> - Opera. - </para> - </listitem> - <listitem> - <para> - Microsoft Visual C++ 2005 Express Edition and the Windows SDK. - </para> - </listitem> - </itemizedlist> - In total there are now around 809 packages in Nixpkgs. - </para> - </listitem> - <listitem> - <para> - It is now <emphasis>much</emphasis> easier to override the default C compiler and other tools in <literal>stdenv</literal> for specific packages. <filename>all-packages.nix</filename> provides two utility functions for this purpose: <function>overrideGCC</function> and <function>overrideInStdenv</function>. Both take a <literal>stdenv</literal> and return an augmented <literal>stdenv</literal>; the formed changes the C compiler, and the latter adds additional packages to the front of <literal>stdenv</literal>’s initial <envar>PATH</envar>, allowing tools to be overridden. - </para> - <para> - For instance, the package <varname>strategoxt</varname> doesn’t build with the GNU Make in <literal>stdenv</literal> (version 3.81), so we call it with an augmented <literal>stdenv</literal> that uses GNU Make 3.80: -<programlisting> -strategoxt = (import ../development/compilers/strategoxt) { - inherit fetchurl pkgconfig sdf aterm; - stdenv = overrideInStdenv stdenv [gnumake380]; -}; - -gnumake380 = <replaceable>...</replaceable>;</programlisting> - Likewise, there are many packages that don’t compile with the default GCC (4.1.1), but that’s easily fixed: -<programlisting> -exult = import ../games/exult { - inherit fetchurl SDL SDL_mixer zlib libpng unzip; - stdenv = overrideGCC stdenv gcc34; -};</programlisting> - </para> - </listitem> - <listitem> - <para> - It has also become much easier to experiment with changes to the <literal>stdenv</literal> setup script (which notably contains the generic builder). Since edits to <filename>pkgs/stdenv/generic/setup.sh</filename> trigger a rebuild of <emphasis>everything</emphasis>, this was formerly quite painful. But now <literal>stdenv</literal> contains a function to “regenerate” <literal>stdenv</literal> with a different setup script, allowing the use of a different setup script for specific packages: -<programlisting> -pkg = import <replaceable>...</replaceable> { - stdenv = stdenv.regenerate ./my-setup.sh; - <replaceable>...</replaceable> -}</programlisting> - </para> - </listitem> - <listitem> - <para> - Packages can now have a human-readable <emphasis>description</emphasis> field. Package descriptions are shown by <literal>nix-env -qa --description</literal>. In addition, they’re shown on the Nixpkgs release page. A description can be added to a package as follows: -<programlisting> -stdenv.mkDerivation { - name = "exult-1.2"; - <replaceable>...</replaceable> - meta = { - description = "A reimplementation of the Ultima VII game engine"; - }; -}</programlisting> - The <varname>meta</varname> attribute is not passed to the builder, so changes to the description do not trigger a rebuild. Additional <varname>meta</varname> attributes may be defined in the future (such as the URL of the package’s homepage, the license, etc.). - </para> - </listitem> - </itemizedlist> - - <para> - The following people contributed to this release: Andres Löh, Armijn Hemel, Christof Douma, Eelco Dolstra, Eelco Visser, Mart Kolthof, Martin Bravenboer, Merijn de Jonge, Rob Vermaas and Roy van den Broek. - </para> - </section> - <section xml:id="release-notes-0.9"> - <title>Release 0.9 (January 31, 2006)</title> - - <para> - There have been zillions of changes since the last release of Nixpkgs. Many packages have been added or updated. The following are some of the more notable changes: - </para> - - <itemizedlist> - <listitem> - <para> - Distribution files have been moved to <link - xlink:href="https://nixos.org/" />. - </para> - </listitem> - <listitem> - <para> - The C library on Linux, Glibc, has been updated to version 2.3.6. - </para> - </listitem> - <listitem> - <para> - The default compiler is now GCC 3.4.5. GCC 4.0.2 is also available. - </para> - </listitem> - <listitem> - <para> - The old, unofficial Xlibs has been replaced by the official modularised X11 distribution from X.org, i.e., X11R7.0. X11R7.0 consists of 287 (!) packages, all of which are in Nixpkgs though not all have been tested. It is now possible to build a working X server (previously we only had X client libraries). We use a fully Nixified X server on NixOS. - </para> - </listitem> - <listitem> - <para> - The Sun JDK 5 has been purified, i.e., it doesn’t require any non-Nix components such as <filename>/lib/ld-linux.so.2</filename>. This means that Java applications such as Eclipse and Azureus can run on NixOS. - </para> - </listitem> - <listitem> - <para> - Hardware-accelerated OpenGL support, used by games like Quake 3 (which is now built from source). - </para> - </listitem> - <listitem> - <para> - Improved support for FreeBSD on x86. - </para> - </listitem> - <listitem> - <para> - Improved Haskell support; e.g., the GHC build is now pure. - </para> - </listitem> - <listitem> - <para> - Some support for cross-compilation: cross-compiling builds of GCC and Binutils, and cross-compiled builds of the C library uClibc. - </para> - </listitem> - <listitem> - <para> - Notable new packages: - <itemizedlist> - <listitem> - <para> - teTeX, including support for building LaTeX documents using Nix (with automatic dependency determination). - </para> - </listitem> - <listitem> - <para> - Ruby. - </para> - </listitem> - <listitem> - <para> - System-level packages to support NixOS, e.g. Grub, GNU <literal>parted</literal> and so on. - </para> - </listitem> - <listitem> - <para> - <literal>ecj</literal>, the Eclipse Compiler for Java, so we finally have a freely distributable compiler that supports Java 5.0. - </para> - </listitem> - <listitem> - <para> - <literal>php</literal>. - </para> - </listitem> - <listitem> - <para> - The GIMP. - </para> - </listitem> - <listitem> - <para> - Inkscape. - </para> - </listitem> - <listitem> - <para> - GAIM. - </para> - </listitem> - <listitem> - <para> - <literal>kdelibs</literal>. This allows us to add KDE-based packages (such as <literal>kcachegrind</literal>). - </para> - </listitem> - </itemizedlist> - </para> - </listitem> - </itemizedlist> - - <para> - The following people contributed to this release: Andres Löh, Armijn Hemel, Bogdan Dumitriu, Christof Douma, Eelco Dolstra, Eelco Visser, Mart Kolthof, Martin Bravenboer, Rob Vermaas and Roy van den Broek. - </para> - </section> - <section xml:id="release-notes-0.8"> - <title>Release 0.8 (April 11, 2005)</title> - - <para> - This release is mostly to remain synchronised with the changed hashing scheme in Nix 0.8. - </para> - - <para> - Notable updates: - <itemizedlist> - <listitem> - <para> - Adobe Reader 7.0 - </para> - </listitem> - <listitem> - <para> - Various security updates (zlib 1.2.2, etc.) - </para> - </listitem> - </itemizedlist> - </para> - </section> - <section xml:id="release-notes-0.7"> - <title>Release 0.7 (March 14, 2005)</title> - - <itemizedlist> - <listitem> - <para> - The bootstrap process for the standard build environment on Linux (stdenv-linux) has been improved. It is no longer dependent in its initial bootstrap stages on the system Glibc, GCC, and other tools. Rather, Nixpkgs contains a statically linked bash and curl, and uses that to download other statically linked tools. These are then used to build a Glibc and dynamically linked versions of all other tools. - </para> - <para> - This change also makes the bootstrap process faster. For instance, GCC is built only once instead of three times. - </para> - <para> - (Contributed by Armijn Hemel.) - </para> - </listitem> - <listitem> - <para> - Tarballs used by Nixpkgs are now obtained from the same server that hosts Nixpkgs (<link - xlink:href="http://catamaran.labs.cs.uu.nl/" />). This reduces the risk of packages being unbuildable due to moved or deleted files on various servers. - </para> - </listitem> - <listitem> - <para> - There now is a generic mechanism for building Perl modules. See the various Perl modules defined in pkgs/system/all-packages-generic.nix. - </para> - </listitem> - <listitem> - <para> - Notable new packages: - <itemizedlist> - <listitem> - <para> - Qt 3 - </para> - </listitem> - <listitem> - <para> - MySQL - </para> - </listitem> - <listitem> - <para> - MythTV - </para> - </listitem> - <listitem> - <para> - Mono - </para> - </listitem> - <listitem> - <para> - MonoDevelop (alpha) - </para> - </listitem> - <listitem> - <para> - Xine - </para> - </listitem> - </itemizedlist> - </para> - </listitem> - <listitem> - <para> - Notable updates: - <itemizedlist> - <listitem> - <para> - GCC 3.4.3 - </para> - </listitem> - <listitem> - <para> - Glibc 2.3.4 - </para> - </listitem> - <listitem> - <para> - GTK 2.6 - </para> - </listitem> - </itemizedlist> - </para> - </listitem> - </itemizedlist> - </section> -</article> diff --git a/nixpkgs/doc/stdenv/cross-compilation.chapter.md b/nixpkgs/doc/stdenv/cross-compilation.chapter.md index f6e61a1af196..0eff70de5ca1 100644 --- a/nixpkgs/doc/stdenv/cross-compilation.chapter.md +++ b/nixpkgs/doc/stdenv/cross-compilation.chapter.md @@ -78,21 +78,46 @@ If both the dependency and depending packages aren't compilers or other machine- Finally, if the depending package is a compiler or other machine-code-producing tool, it might need dependencies that run at "emit time". This is for compilers that (regrettably) insist on being built together with their source languages' standard libraries. Assuming build != host != target, a run-time dependency of the standard library cannot be run at the compiler's build time or run time, but only at the run time of code emitted by the compiler. -Putting this all together, that means we have dependencies in the form "host → target", in at most the following six combinations: +Putting this all together, that means that we have dependency types of the form "X→ E", which means that the dependency executes on X and emits code for E; each of X and E can be `build`, `host`, or `target`, and E can be `*` to indicate that the dependency is not a compiler-like package. + +Dependency types describe the relationships that a package has with each of its transitive dependencies. You could think of attaching one or more dependency types to each of the formal parameters at the top of a package's `.nix` file, as well as to all of *their* formal parameters, and so on. Triples like `(foo, bar, baz)`, on the other hand, are a property of an instantiated derivation -- you could would attach a triple `(mips-linux, mips-linux, sparc-solaris)` to a `.drv` file in `/nix/store`. + +Only nine dependency types matter in practice: #### Possible dependency types {#possible-dependency-types} -| Dependency’s host platform | Dependency’s target platform | -|----------------------------|------------------------------| -| build | build | -| build | host | -| build | target | -| host | host | -| host | target | -| target | target | +| Dependency type | Dependency’s host platform | Dependency’s target platform | +|-----------------|----------------------------|------------------------------| +| build → * | build | (none) | +| build → build | build | build | +| build → host | build | host | +| build → target | build | target | +| host → * | host | (none) | +| host → host | host | host | +| host → target | host | target | +| target → * | target | (none) | +| target → target | target | target | + +Let's use `g++` as an example to make this table clearer. `g++` is a C++ compiler written in C. Suppose we are building `g++` with a `(build, host, target)` platform triple of `(foo, bar, baz)`. This means we are using a `foo`-machine to build a copy of `g++` which will run on a `bar`-machine and emit binaries for the `baz`-machine. + +* `g++` links against the host platform's `glibc` C library, which is a "host→ *" dependency with a triple of `(bar, bar, *)`. Since it is a library, not a compiler, it has no "target". + +* Since `g++` is written in C, the `gcc` compiler used to compile it is a "build→ host" dependency of `g++` with a triple of `(foo, foo, bar)`. This compiler runs on the build platform and emits code for the host platform. + +* `gcc` links against the build platform's `glibc` C library, which is a "build→ *" dependency with a triple of `(foo, foo, *)`. Since it is a library, not a compiler, it has no "target". + +* This `gcc` is itself compiled by an *earlier* copy of `gcc`. This earlier copy of `gcc` is a "build→ build" dependency of `g++` with a triple of `(foo, foo, foo)`. This "early `gcc`" runs on the build platform and emits code for the build platform. + +* `g++` is bundled with `libgcc`, which includes a collection of target-machine routines for exception handling and +software floating point emulation. `libgcc` would be a "target→ *" dependency with triple `(foo, baz, *)`, because it consists of machine code which gets linked against the output of the compiler that we are building. It is a library, not a compiler, so it has no target of its own. + +* `libgcc` is written in C and compiled with `gcc`. The `gcc` that compiles it will be a "build→ target" dependency with triple `(foo, foo, baz)`. It gets compiled *and run* at `g++`-build-time (on platform `foo`), but must emit code for the `baz`-platform. +* `g++` allows inline assembler code, so it depends on access to a copy of the `gas` assembler. This would be a "host→ target" dependency with triple `(foo, bar, baz)`. -Some examples will make this table clearer. Suppose there's some package that is being built with a `(build, host, target)` platform triple of `(foo, bar, baz)`. If it has a build-time library dependency, that would be a "host → build" dependency with a triple of `(foo, foo, *)` (the target platform is irrelevant). If it needs a compiler to be built, that would be a "build → host" dependency with a triple of `(foo, foo, *)` (the target platform is irrelevant). That compiler, would be built with another compiler, also "build → host" dependency, with a triple of `(foo, foo, foo)`. +* `g++` (and `gcc`) include a library `libgccjit.so`, which wrap the compiler in a library to create a just-in-time compiler. In nixpkgs, this library is in the `libgccjit` package; if C++ required that programs have access to a JIT, `g++` would need to add a "target→ target" dependency for `libgccjit` with triple `(foo, baz, baz)`. This would ensure that the compiler ships with a copy of `libgccjit` which both executes on and generates code for the `baz`-platform. + +* If `g++` itself linked against `libgccjit.so` (for example, to allow compile-time-evaluated C++ expressions), then the `libgccjit` package used to provide this functionality would be a "host→ host" dependency of `g++`: it is code which runs on the `host` and emits code for execution on the `host`. ### Cross packaging cookbook {#ssec-cross-cookbook} @@ -128,6 +153,24 @@ Add the following to your `mkDerivation` invocation. doCheck = stdenv.hostPlatform == stdenv.buildPlatform; ``` +#### Package using Meson needs to run binaries for the host platform during build. {#cross-meson-runs-host-code} + +Add `mesonEmulatorHook` to `nativeBuildInputs` conditionally on if the target binaries can be executed. + +e.g. + +``` +nativeBuildInputs = [ + meson +] ++ lib.optionals (!stdenv.buildPlatform.canExecute stdenv.hostPlatform) [ + mesonEmulatorHook +]; +``` + +Example of an error which this fixes. + +`[Errno 8] Exec format error: './gdk3-scan'` + ## Cross-building packages {#sec-cross-usage} Nixpkgs can be instantiated with `localSystem` alone, in which case there is no cross-compiling and everything is built by and for that system, or also with `crossSystem`, in which case packages run on the latter, but all building happens on the former. Both parameters take the same schema as the 3 (build, host, and target) platforms defined in the previous section. As mentioned above, `lib.systems.examples` has some platforms which are used as arguments for these parameters in practice. You can use them programmatically, or on the command line: diff --git a/nixpkgs/doc/stdenv/meta.chapter.md b/nixpkgs/doc/stdenv/meta.chapter.md index d3e1dd5b27d8..475006b1259b 100644 --- a/nixpkgs/doc/stdenv/meta.chapter.md +++ b/nixpkgs/doc/stdenv/meta.chapter.md @@ -175,6 +175,40 @@ The NixOS tests are available as `nixosTests` in parameters of derivations. For NixOS tests run in a VM, so they are slower than regular package tests. For more information see [NixOS module tests](https://nixos.org/manual/nixos/stable/#sec-nixos-tests). +Alternatively, you can specify other derivations as tests. You can make use of +the optional parameter to inject the correct package without +relying on non-local definitions, even in the presence of `overrideAttrs`. +Here that's `finalAttrs.finalPackage`, but you could choose a different name if +`finalAttrs` already exists in your scope. + +`(mypkg.overrideAttrs f).passthru.tests` will be as expected, as long as the +definition of `tests` does not rely on the original `mypkg` or overrides it in +all places. + +```nix +# my-package/default.nix +{ stdenv, callPackage }: +stdenv.mkDerivation (finalAttrs: { + # ... + passthru.tests.example = callPackage ./example.nix { my-package = finalAttrs.finalPackage; }; +}) +``` + +```nix +# my-package/example.nix +{ runCommand, lib, my-package, ... }: +runCommand "my-package-test" { + nativeBuildInputs = [ my-package ]; + src = lib.sources.sourcesByRegex ./. [ ".*.in" ".*.expected" ]; +} '' + my-package --help + my-package <example.in >example.actual + diff -U3 --color=auto example.expected example.actual + mkdir $out +'' +``` + + ### `timeout` {#var-meta-timeout} A timeout (in seconds) for building the derivation. If the derivation takes longer than this time to build, it can fail due to breaking the timeout. However, all computers do not have the same computing power, hence some builders may decide to apply a multiplicative factor to this value. When filling this value in, try to keep it approximately consistent with other values already present in `nixpkgs`. @@ -215,3 +249,31 @@ Unfree package that cannot be redistributed. You can build it yourself, but you ### `lib.licenses.unfreeRedistributableFirmware`, `"unfree-redistributable-firmware"` {#lib.licenses.unfreeredistributablefirmware-unfree-redistributable-firmware} This package supplies unfree, redistributable firmware. This is a separate value from `unfree-redistributable` because not everybody cares whether firmware is free. + +## Source provenance {#sec-meta-sourceProvenance} + +The value of a package's `meta.sourceProvenance` attribute specifies the provenance of the package's derivation outputs. + +If a package contains elements that are not built from the original source by a nixpkgs derivation, the `meta.sourceProvenance` attribute should be a list containing one or more value from `lib.sourceTypes` defined in [`nixpkgs/lib/source-types.nix`](https://github.com/NixOS/nixpkgs/blob/master/lib/source-types.nix). + +Adding this information helps users who have needs related to build transparency and supply-chain security to gain some visibility into their installed software or set policy to allow or disallow installation based on source provenance. + +The presence of a particular `sourceType` in a package's `meta.sourceProvenance` list indicates that the package contains some components falling into that category, though the *absence* of that `sourceType` does not *guarantee* the absence of that category of `sourceType` in the package's contents. A package with no `meta.sourceProvenance` set implies it has no *known* `sourceType`s other than `fromSource`. + +The meaning of the `meta.sourceProvenance` attribute does not depend on the value of the `meta.license` attribute. + +### `lib.sourceTypes.fromSource` {#lib.sourceTypes.fromSource} + +Package elements which are produced by a nixpkgs derivation which builds them from source code. + +### `lib.sourceTypes.binaryNativeCode` {#lib.sourceTypes.binaryNativeCode} + +Native code to be executed on the target system's CPU, built by a third party. This includes packages which wrap a downloaded AppImage or Debian package. + +### `lib.sourceTypes.binaryFirmware` {#lib.sourceTypes.binaryFirmware} + +Code to be executed on a peripheral device or embedded controller, built by a third party. + +### `lib.sourceTypes.binaryBytecode` {#lib.sourceTypes.binaryBytecode} + +Code to run on a VM interpreter or JIT compiled into bytecode by a third party. This includes packages which download Java `.jar` files from another source. diff --git a/nixpkgs/doc/stdenv/multiple-output.chapter.md b/nixpkgs/doc/stdenv/multiple-output.chapter.md index 62bf543e51e5..65156816b991 100644 --- a/nixpkgs/doc/stdenv/multiple-output.chapter.md +++ b/nixpkgs/doc/stdenv/multiple-output.chapter.md @@ -77,7 +77,7 @@ There is a special handling of the `debug` output, described at [](#stdenv-separ A commonly adopted convention in `nixpkgs` is that executables provided by the package are contained within its first output. This convention allows the dependent packages to reference the executables provided by packages in a uniform manner. For instance, provided with the knowledge that the `perl` package contains a `perl` executable it can be referenced as `${pkgs.perl}/bin/perl` within a Nix derivation that needs to execute a Perl script. -The `glibc` package is a deliberate single exception to the “binaries first” convention. The `glibc` has `libs` as its first output allowing the libraries provided by `glibc` to be referenced directly (e.g. `${stdenv.glibc}/lib/ld-linux-x86-64.so.2`). The executables provided by `glibc` can be accessed via its `bin` attribute (e.g. `${stdenv.glibc.bin}/bin/ldd`). +The `glibc` package is a deliberate single exception to the “binaries first” convention. The `glibc` has `libs` as its first output allowing the libraries provided by `glibc` to be referenced directly (e.g. `${glibc}/lib/ld-linux-x86-64.so.2`). The executables provided by `glibc` can be accessed via its `bin` attribute (e.g. `${lib.getBin stdenv.cc.libc}/bin/ldd`). The reason for why `glibc` deviates from the convention is because referencing a library provided by `glibc` is a very common operation among Nix packages. For instance, third-party executables packaged by Nix are typically patched and relinked with the relevant version of `glibc` libraries from Nix packages (please see the documentation on [patchelf](https://github.com/NixOS/patchelf) for more details). diff --git a/nixpkgs/doc/stdenv/platform-notes.chapter.md b/nixpkgs/doc/stdenv/platform-notes.chapter.md index 03e61e333f8b..b47f5af349b8 100644 --- a/nixpkgs/doc/stdenv/platform-notes.chapter.md +++ b/nixpkgs/doc/stdenv/platform-notes.chapter.md @@ -60,3 +60,8 @@ Some common issues when packaging software for Darwin: ``` The package `xcbuild` can be used to build projects that really depend on Xcode. However, this replacement is not 100% compatible with Xcode and can occasionally cause issues. + +- x86_64-darwin uses the 10.12 SDK by default, but some software is not compatible with that version of the SDK. In that case, + the 11.0 SDK used by aarch64-darwin is available for use on x86_64-darwin. To use it, reference `apple_sdk_11_0` instead of + `apple_sdk` in your derivation and use `pkgs.darwin.apple_sdk_11_0.callPackage` instead of `pkgs.callPackage`. On Linux, this will + have the same effect as `pkgs.callPackage`, so you can use `pkgs.darwin.apple_sdk_11_0.callPackage` regardless of platform. diff --git a/nixpkgs/doc/stdenv/stdenv.chapter.md b/nixpkgs/doc/stdenv/stdenv.chapter.md index 1d4ca99e3cbe..b4cc50b509d4 100644 --- a/nixpkgs/doc/stdenv/stdenv.chapter.md +++ b/nixpkgs/doc/stdenv/stdenv.chapter.md @@ -77,7 +77,7 @@ where the builder can do anything it wants, but typically starts with source $stdenv/setup ``` -to let `stdenv` set up the environment (e.g., process the `buildInputs`). If you want, you can still use `stdenv`’s generic builder: +to let `stdenv` set up the environment (e.g. by resetting `PATH` and populating it from build inputs). If you want, you can still use `stdenv`’s generic builder: ```bash source $stdenv/setup @@ -125,7 +125,7 @@ The extension of `PATH` with dependencies, alluded to above, proceeds according A dependency is said to be **propagated** when some of its other-transitive (non-immediate) downstream dependencies also need it as an immediate dependency. [^footnote-stdenv-propagated-dependencies] -It is important to note that dependencies are not necessarily propagated as the same sort of dependency that they were before, but rather as the corresponding sort so that the platform rules still line up. To determine the exact rules for dependency propagation, we start by assigning to each dependency a couple of ternary numbers (`-1` for `build`, `0` for `host`, and `1` for `target`), representing how respectively its host and target platforms are "offset" from the depending derivation’s platforms. The following table summarize the different combinations that can be obtained: +It is important to note that dependencies are not necessarily propagated as the same sort of dependency that they were before, but rather as the corresponding sort so that the platform rules still line up. To determine the exact rules for dependency propagation, we start by assigning to each dependency a couple of ternary numbers (`-1` for `build`, `0` for `host`, and `1` for `target`) representing its [dependency type](#possible-dependency-types), which captures how its host and target platforms are each "offset" from the depending derivation’s host and target platforms. The following table summarize the different combinations that can be obtained: | `host → target` | attribute name | offset | | ------------------- | ------------------- | -------- | @@ -317,6 +317,60 @@ The script will be usually run from the root of the Nixpkgs repository but you s For information about how to run the updates, execute `nix-shell maintainers/scripts/update.nix`. +### Recursive attributes in `mkDerivation` {#mkderivation-recursive-attributes} + +If you pass a function to `mkDerivation`, it will receive as its argument the final arguments, including the overrides when reinvoked via `overrideAttrs`. For example: + +```nix +mkDerivation (finalAttrs: { + pname = "hello"; + withFeature = true; + configureFlags = + lib.optionals finalAttrs.withFeature ["--with-feature"]; +}) +``` + +Note that this does not use the `rec` keyword to reuse `withFeature` in `configureFlags`. +The `rec` keyword works at the syntax level and is unaware of overriding. + +Instead, the definition references `finalAttrs`, allowing users to change `withFeature` +consistently with `overrideAttrs`. + +`finalAttrs` also contains the attribute `finalPackage`, which includes the output paths, etc. + +Let's look at a more elaborate example to understand the differences between +various bindings: + +```nix +# `pkg` is the _original_ definition (for illustration purposes) +let pkg = + mkDerivation (finalAttrs: { + # ... + + # An example attribute + packages = []; + + # `passthru.tests` is a commonly defined attribute. + passthru.tests.simple = f finalAttrs.finalPackage; + + # An example of an attribute containing a function + passthru.appendPackages = packages': + finalAttrs.finalPackage.overrideAttrs (newSelf: super: { + packages = super.packages ++ packages'; + }); + + # For illustration purposes; referenced as + # `(pkg.overrideAttrs(x)).finalAttrs` etc in the text below. + passthru.finalAttrs = finalAttrs; + passthru.original = pkg; + }); +in pkg +``` + +Unlike the `pkg` binding in the above example, the `finalAttrs` parameter always references the final attributes. For instance `(pkg.overrideAttrs(x)).finalAttrs.finalPackage` is identical to `pkg.overrideAttrs(x)`, whereas `(pkg.overrideAttrs(x)).original` is the same as the original `pkg`. + +See also the section about [`passthru.tests`](#var-meta-tests). + ## Phases {#sec-stdenv-phases} `stdenv.mkDerivation` sets the Nix [derivation](https://nixos.org/manual/nix/stable/expressions/derivations.html#derivations)'s builder to a script that loads the stdenv `setup.sh` bash library and calls `genericBuild`. Most packaging functions rely on this default builder. @@ -644,12 +698,12 @@ Hook executed at the end of the install phase. ### The fixup phase {#ssec-fixup-phase} -The fixup phase performs some (Nix-specific) post-processing actions on the files installed under `$out` by the install phase. The default `fixupPhase` does the following: +The fixup phase performs (Nix-specific) post-processing actions on the files installed under `$out` by the install phase. The default `fixupPhase` does the following: - It moves the `man/`, `doc/` and `info/` subdirectories of `$out` to `share/`. - It strips libraries and executables of debug information. - On Linux, it applies the `patchelf` command to ELF executables and libraries to remove unused directories from the `RPATH` in order to prevent unnecessary runtime dependencies. -- It rewrites the interpreter paths of shell scripts to paths found in `PATH`. E.g., `/usr/bin/perl` will be rewritten to `/nix/store/some-perl/bin/perl` found in `PATH`. +- It rewrites the interpreter paths of shell scripts to paths found in `PATH`. E.g., `/usr/bin/perl` will be rewritten to `/nix/store/some-perl/bin/perl` found in `PATH`. See [](#patch-shebangs.sh) for details. #### Variables controlling the fixup phase {#variables-controlling-the-fixup-phase} @@ -677,6 +731,10 @@ If set, files in `$out/sbin` are not moved to `$out/bin`. By default, they are. List of directories to search for libraries and executables from which *all* symbols should be stripped. By default, it’s empty. Stripping all symbols is risky, since it may remove not just debug symbols but also ELF information necessary for normal execution. +##### `stripAllListTarget` {#var-stdenv-stripAllListTarget} + +Like `stripAllList`, but only applies to packages’ target platform. By default, it’s empty. Useful when supporting cross compilation. + ##### `stripAllFlags` {#var-stdenv-stripAllFlags} Flags passed to the `strip` command applied to the files in the directories listed in `stripAllList`. Defaults to `-s` (i.e. `--strip-all`). @@ -685,6 +743,10 @@ Flags passed to the `strip` command applied to the files in the directories list List of directories to search for libraries and executables from which only debugging-related symbols should be stripped. It defaults to `lib lib32 lib64 libexec bin sbin`. +##### `stripDebugListTarget` {#var-stdenv-stripDebugListTarget} + +Like `stripDebugList`, but only applies to packages’ target platform. By default, it’s empty. Useful when supporting cross compilation. + ##### `stripDebugFlags` {#var-stdenv-stripDebugFlags} Flags passed to the `strip` command applied to the files in the directories listed in `stripDebugList`. Defaults to `-S` (i.e. `--strip-debug`). @@ -695,7 +757,7 @@ If set, the `patchelf` command is not used to remove unnecessary `RPATH` entries ##### `dontPatchShebangs` {#var-stdenv-dontPatchShebangs} -If set, scripts starting with `#!` do not have their interpreter paths rewritten to paths in the Nix store. +If set, scripts starting with `#!` do not have their interpreter paths rewritten to paths in the Nix store. See [](#patch-shebangs.sh) on how patching shebangs works. ##### `dontPruneLibtoolFiles` {#var-stdenv-dontPruneLibtoolFiles} @@ -815,7 +877,7 @@ makeWrapper $out/bin/foo $wrapperfile --set FOOBAR baz makeWrapper $out/bin/foo $wrapperfile --prefix PATH : ${lib.makeBinPath [ hello git ]} ``` -There’s many more kinds of arguments, they are documented in `nixpkgs/pkgs/build-support/setup-hooks/make-wrapper.sh` for the `makeWrapper` implementation and in `nixpkgs/pkgs/build-support/setup-hooks/make-binary-wrapper.sh` for the `makeBinaryWrapper` implementation. +There’s many more kinds of arguments, they are documented in `nixpkgs/pkgs/build-support/setup-hooks/make-wrapper.sh` for the `makeWrapper` implementation and in `nixpkgs/pkgs/build-support/setup-hooks/make-binary-wrapper/make-binary-wrapper.sh` for the `makeBinaryWrapper` implementation. `wrapProgram` is a convenience function you probably want to use most of the time, implemented by both `makeWrapper` and `makeBinaryWrapper`. @@ -859,9 +921,9 @@ substitute ./foo.in ./foo.out \ --subst-var someVar ``` -### `substituteInPlace` \<file\> \<subs\> {#fun-substituteInPlace} +### `substituteInPlace` \<multiple files\> \<subs\> {#fun-substituteInPlace} -Like `substitute`, but performs the substitutions in place on the file \<file\>. +Like `substitute`, but performs the substitutions in place on the files passed. ### `substituteAll` \<infile\> \<outfile\> {#fun-substituteAll} @@ -929,7 +991,7 @@ addEnvHooks "$hostOffset" myBashFunction The *existence* of setups hooks has long been documented and packages inside Nixpkgs are free to use this mechanism. Other packages, however, should not rely on these mechanisms not changing between Nixpkgs versions. Because of the existing issues with this system, there’s little benefit from mandating it be stable for any period of time. -First, let’s cover some setup hooks that are part of Nixpkgs default stdenv. This means that they are run for every package built using `stdenv.mkDerivation`. Some of these are platform specific, so they may run on Linux but not Darwin or vice-versa. +First, let’s cover some setup hooks that are part of Nixpkgs default `stdenv`. This means that they are run for every package built using `stdenv.mkDerivation` or when using a custom builder that has `source $stdenv/setup`. Some of these are platform specific, so they may run on Linux but not Darwin or vice-versa. ### `move-docs.sh` {#move-docs.sh} @@ -945,7 +1007,70 @@ This runs the strip command on installed binaries and libraries. This removes un ### `patch-shebangs.sh` {#patch-shebangs.sh} -This setup hook patches installed scripts to use the full path to the shebang interpreter. A shebang interpreter is the first commented line of a script telling the operating system which program will run the script (e.g `#!/bin/bash`). In Nix, we want an exact path to that interpreter to be used. This often replaces `/bin/sh` with a path in the Nix store. +This setup hook patches installed scripts to add Nix store paths to their shebang interpreter as found in the build environment. The [shebang](https://en.wikipedia.org/wiki/Shebang_(Unix)) line tells a Unix-like operating system which interpreter to use to execute the script's contents. + +::: note +The [generic builder][generic-builder] populates `PATH` from inputs of the derivation. +::: + +[generic-builder]: https://github.com/NixOS/nixpkgs/blob/19d4f7dc485f74109bd66ef74231285ff797a823/pkgs/stdenv/generic/builder.sh + +#### Invocation {#patch-shebangs.sh-invocation} + +Multiple paths can be specified. + +``` +patchShebangs [--build | --host] PATH... +``` + +##### Flags + +`--build` +: Look up commands available at build time + +`--host` +: Look up commands available at run time + +##### Examples + +```sh +patchShebangs --host /nix/store/<hash>-hello-1.0/bin +``` + +```sh +patchShebangs --build configure +``` + +`#!/bin/sh` will be rewritten to `#!/nix/store/<hash>-some-bash/bin/sh`. + +`#!/usr/bin/env` gets special treatment: `#!/usr/bin/env python` is rewritten to `/nix/store/<hash>/bin/python`. + +Interpreter paths that point to a valid Nix store location are not changed. + +::: note +A script file must be marked as executable, otherwise it will not be +considered. +::: + +This mechanism ensures that the interpreter for a given script is always found and is exactly the one specified by the build. + +It can be disabled by setting [`dontPatchShebangs`](#var-stdenv-dontPatchShebangs): + +```nix +stdenv.mkDerivation { + # ... + dontPatchShebangs = true; + # ... +} +``` + +The file [`patch-shebangs.sh`][patch-shebangs.sh] defines the [`patchShebangs`][patchShebangs] function. It is used to implement [`patchShebangsAuto`][patchShebangsAuto], the [setup hook](#ssec-setup-hooks) that is registered to run during the [fixup phase](#ssec-fixup-phase) by default. + +If you need to run `patchShebangs` at build time, it must be called explicitly within [one of the build phases](#sec-stdenv-phases). + +[patch-shebangs.sh]: https://github.com/NixOS/nixpkgs/blob/19d4f7dc485f74109bd66ef74231285ff797a823/pkgs/build-support/setup-hooks/patch-shebangs.sh +[patchShebangs]: https://github.com/NixOS/nixpkgs/blob/19d4f7dc485f74109bd66ef74231285ff797a823/pkgs/build-support/setup-hooks/patch-shebangs.sh#L24-L105 +[patchShebangsAuto]: https://github.com/NixOS/nixpkgs/blob/19d4f7dc485f74109bd66ef74231285ff797a823/pkgs/build-support/setup-hooks/patch-shebangs.sh#L107-L119 ### `audit-tmpdir.sh` {#audit-tmpdir.sh} @@ -1043,7 +1168,7 @@ You can also specify a `runtimeDependencies` variable which lists dependencies t In certain situations you may want to run the main command (`autoPatchelf`) of the setup hook on a file or a set of directories instead of unconditionally patching all outputs. This can be done by setting the `dontAutoPatchelf` environment variable to a non-empty value. -By default `autoPatchelf` will fail as soon as any ELF file requires a dependency which cannot be resolved via the given build inputs. In some situations you might prefer to just leave missing dependencies unpatched and continue to patch the rest. This can be achieved by setting the `autoPatchelfIgnoreMissingDeps` environment variable to a non-empty value. +By default `autoPatchelf` will fail as soon as any ELF file requires a dependency which cannot be resolved via the given build inputs. In some situations you might prefer to just leave missing dependencies unpatched and continue to patch the rest. This can be achieved by setting the `autoPatchelfIgnoreMissingDeps` environment variable to a non-empty value. `autoPatchelfIgnoreMissingDeps` can be set to a list like `autoPatchelfIgnoreMissingDeps = [ "libcuda.so.1" "libcudart.so.1" ];` or to simply `[ "*" ]` to ignore all missing dependencies. The `autoPatchelf` command also recognizes a `--no-recurse` command line flag, which prevents it from recursing into subdirectories. @@ -1101,7 +1226,7 @@ The `validatePkgConfig` hook validates all pkg-config (`.pc`) files in a package ### cmake {#cmake} -Overrides the default configure phase to run the CMake command. By default, we use the Make generator of CMake. In addition, dependencies are added automatically to CMAKE_PREFIX_PATH so that packages are correctly detected by CMake. Some additional flags are passed in to give similar behavior to configure-based packages. You can disable this hook’s behavior by setting configurePhase to a custom value, or by setting dontUseCmakeConfigure. cmakeFlags controls flags passed only to CMake. By default, parallel building is enabled as CMake supports parallel building almost everywhere. When Ninja is also in use, CMake will detect that and use the ninja generator. +Overrides the default configure phase to run the CMake command. By default, we use the Make generator of CMake. In addition, dependencies are added automatically to `CMAKE_PREFIX_PATH` so that packages are correctly detected by CMake. Some additional flags are passed in to give similar behavior to configure-based packages. You can disable this hook’s behavior by setting `configurePhase` to a custom value, or by setting `dontUseCmakeConfigure`. `cmakeFlags` controls flags passed only to CMake. By default, parallel building is enabled as CMake supports parallel building almost everywhere. When Ninja is also in use, CMake will detect that and use the ninja generator. ### xcbuildHook {#xcbuildhook} @@ -1262,7 +1387,7 @@ If the libraries lack `-fPIE`, you will get the error `recompile with -fPIE`. [^footnote-stdenv-ignored-build-platform]: The build platform is ignored because it is a mere implementation detail of the package satisfying the dependency: As a general programming principle, dependencies are always *specified* as interfaces, not concrete implementation. [^footnote-stdenv-native-dependencies-in-path]: Currently, this means for native builds all dependencies are put on the `PATH`. But in the future that may not be the case for sake of matching cross: the platforms would be assumed to be unique for native and cross builds alike, so only the `depsBuild*` and `nativeBuildInputs` would be added to the `PATH`. -[^footnote-stdenv-propagated-dependencies]: Nix itself already takes a package’s transitive dependencies into account, but this propagation ensures nixpkgs-specific infrastructure like setup hooks (mentioned above) also are run as if the propagated dependency. +[^footnote-stdenv-propagated-dependencies]: Nix itself already takes a package’s transitive dependencies into account, but this propagation ensures nixpkgs-specific infrastructure like [setup hooks](#ssec-setup-hooks) also are run as if it were a propagated dependency. [^footnote-stdenv-find-inputs-location]: The `findInputs` function, currently residing in `pkgs/stdenv/generic/setup.sh`, implements the propagation logic. [^footnote-stdenv-sys-lib-search-path]: It clears the `sys_lib_*search_path` variables in the Libtool script to prevent Libtool from using libraries in `/usr/lib` and such. [^footnote-stdenv-build-time-guessing-impurity]: Eventually these will be passed building natively as well, to improve determinism: build-time guessing, as is done today, is a risk of impurity. diff --git a/nixpkgs/doc/using/configuration.chapter.md b/nixpkgs/doc/using/configuration.chapter.md index 932b24237c02..3c46dc3227a6 100644 --- a/nixpkgs/doc/using/configuration.chapter.md +++ b/nixpkgs/doc/using/configuration.chapter.md @@ -77,6 +77,11 @@ The difference between a package being unsupported on some system and being brok ## Installing unfree packages {#sec-allow-unfree} +All users of Nixpkgs are free software users, and many users (and developers) of Nixpkgs want to limit and tightly control their exposure to unfree software. +At the same time, many users need (or want) to run some specific pieces of proprietary software. +Nixpkgs includes some expressions for unfree software packages. +By default unfree software cannot be installed and doesn’t show up in searches. + There are several ways to tweak how Nix handles a package which has been marked as unfree. - To temporarily allow all unfree packages, you can use an environment variable for a single invocation of the nix tools: @@ -176,6 +181,15 @@ You can define a function called `packageOverrides` in your local `~/.config/nix } ``` +## `config` Options Reference {#sec-config-options-reference} + +The following attributes can be passed in [`config`](#chap-packageconfig). + +```{=docbook} +<include xmlns="http://www.w3.org/2001/XInclude" href="../doc-support/result/config-options.docbook.xml"/> +``` + + ## Declarative Package Management {#sec-declarative-package-management} ### Build an environment {#sec-building-environment} diff --git a/nixpkgs/doc/using/overrides.chapter.md b/nixpkgs/doc/using/overrides.chapter.md index 66e5103531a9..a97a39354a9d 100644 --- a/nixpkgs/doc/using/overrides.chapter.md +++ b/nixpkgs/doc/using/overrides.chapter.md @@ -39,14 +39,18 @@ The function `overrideAttrs` allows overriding the attribute set passed to a `st Example usage: ```nix -helloWithDebug = pkgs.hello.overrideAttrs (oldAttrs: rec { +helloWithDebug = pkgs.hello.overrideAttrs (finalAttrs: previousAttrs: { separateDebugInfo = true; }); ``` In the above example, the `separateDebugInfo` attribute is overridden to be true, thus building debug info for `helloWithDebug`, while all other attributes will be retained from the original `hello` package. -The argument `oldAttrs` is conventionally used to refer to the attr set originally passed to `stdenv.mkDerivation`. +The argument `previousAttrs` is conventionally used to refer to the attr set originally passed to `stdenv.mkDerivation`. + +The argument `finalAttrs` refers to the final attributes passed to `mkDerivation`, plus the `finalPackage` attribute which is equal to the result of `mkDerivation` or subsequent `overrideAttrs` calls. + +If only a one-argument function is written, the argument has the meaning of `previousAttrs`. ::: {.note} Note that `separateDebugInfo` is processed only by the `stdenv.mkDerivation` function, not the generated, raw Nix derivation. Thus, using `overrideDerivation` will not work in this case, as it overrides only the attributes of the final derivation. It is for this reason that `overrideAttrs` should be preferred in (almost) all cases to `overrideDerivation`, i.e. to allow using `stdenv.mkDerivation` to process input arguments, as well as the fact that it is easier to use (you can use the same attribute names you see in your Nix code, instead of the ones generated (e.g. `buildInputs` vs `nativeBuildInputs`), and it involves less typing). |