[Nix-dev] Proposal: make global dependencies or paths explicit

Wout Mertens wout.mertens at gmail.com
Fri May 15 23:39:35 CEST 2015 

There are a few dependencies in nixos that are hidden from nix as to not
have to recompile the world when they change.

The instances I know of are the timezone files and CA certificates but
there's probably more. The timezone files expect TZDIR to be set, and all
programs are being compiled to check /etc/ssl/certs/ca-bundle.crt.

I would like to propose that all global state is kept at fixed paths (like
it is with ca-bundle) but that all occurences of those paths are instead
replaced with attributes of pkgs.config.statics, so that users can override
them easily.

That way, for other platforms (e.g. Darwin or cygwin) you can point those
paths to where the relevant data is and ideally with a light recompile
you'd have everything working.

Basically, all occurrences of static paths in nixpkgs like /etc or /var
 should be replaced with pkgs.config.statics.zonedir, .ca-bundle,
.system-config (configuration.nix), .nix-config (/etc/nix/nix.conf),
.shell-profile (/etc/profile) etc.

Should be a pretty small change, not resulting in many rebuilds, that
allows for better discoverability and configurability.

As an example benefit, we can now make "/etc/ssl/certs/ca-certificates.crt"
the default instead of ca-bundle.crt, simply change one line.

If we do this for everything, eventually this will for example allow us to
move /etc/passwd and /etc/shadow elsewhere, and having full visibility into
all builds that use it.

I gave the concept a try in my static-paths branch at
https://github.com/wmertens/nixpkgs/tree/static-paths but it's not working
because for some reason the contents of nixpkgs.config varies throughout
evaluation.

Hints welcome. To try, clone that branch and run "nix-build
./nixos/default.nix -A system -v". I added traces for the pkgs.config
contents.

Would be great to have feedback on the naming and other options over
choosing the nixpkgs config as well.

Cheers,

Wout.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.science.uu.nl/pipermail/nix-dev/attachments/20150515/febda3e6/attachment.html

More information about the nix-dev mailing list