1

In Software packaging and distribution for LHCb using Nix, the authors write:

In order to facilitate this use, software must be stable for long periods; much longer than even Long Term Support operating systems are available. Additionally, the software should reproduce any and all bugs which were present in the original version to ensure the accuracy of the final results. Builds should be reproducible to allow for patches to be carefully introduced.

But NixOS configuration files do not include versions of packages (unlike, say, Rust manifests), e.g.

environment.systemPackages = with pkgs; [ git git-lfs fish neovim nixpkgs-fmt nixos-option # Basic utils killall ];

If I understand correctly, packages can be updated within a channel and they can change when channel is changed.

Then, how to ensure that in 10 years I will be able to get or build the same Nix environment with the same versions packages installed?

Improve this question

1 Answer 1

Reset to default
2

The solution is not using channels and instead pinning Nixpkgs version inside the source code, as described for example in the How to fetch Nixpkgs with an empty NIX_PATH wiki article:

{ pkgs, ... }: let nixpkgs = builtins.fetchTarball { url = "https://github.com/NixOS/nixpkgs/archive/3389f23412877913b9d22a58dfb241684653d7e9.tar.gz"; sha256 = "0wgm7sk9fca38a50hrsqwz6q79z35gqgb9nw80xz7pfdr4jy9pf8"; }; in { environment.systemPackages = with pkgs; [ ... ]; # Override the `pkgs` argument of modules. nixpkgs.pkgs = pkgs = import nixpkgs { # Avoid impurities from `NIXPKGS_CONFIG` environment variable and `~/.config/nixpkgs/config.nix`. config = {}; }; }

You can then update by changing the commit hash to a newer version, setting sha256 field to an empty string, trying to rebuild your system and then updating the field to the new hash returned by Nix.

Of course, this is quite labour-intensive so several tools that automate this process appeared:

  • Niv is the older but still great solution that works on regular Nix.

  • Nix flakes are the new solution built directly into Nix. In addition to input (dependency) management, they bring other nice features like more pure evaluation or evaluation caching.

    They are still experimental but many people, including me, already rely on the feature. And while there have not been any backwards incompatible changes in a while, I still would not recommend flakes if long-term reproducibility is the goal. Or if you are not willing to deal with such potential changes.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.