284 lines
23 KiB
Plaintext
284 lines
23 KiB
Plaintext
|
Episode: 1016
|
||
|
|
Title: HPR1016: Nix: The Functional Package Manager
|
||
|
|
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr1016/hpr1016.mp3
|
||
|
|
Transcribed: 2025-10-17 17:27:24
|
||
|
|
|
||
|
|
---
|
||
|
|
|
||
|
|
Hi, my name is Kylinder Oste, I use the nickname Govny with various parts of the Internet.
|
||
|
|
And I'd like to talk about the NYX project.
|
||
|
|
This is on NYXOS.org and it's actually a collection of open source projects including
|
||
|
|
NYX itself, the purely functional package manager.
|
||
|
|
I'll just read what it says on the page because it describes it better than I can.
|
||
|
|
So this means that it can ensure that an upgrade to one package cannot break others, that
|
||
|
|
you can always roll back to previous versions.
|
||
|
|
That multiple versions of a package can coexist on the same system and much more.
|
||
|
|
NYX packages is a collection of packages, NYX expressions which can be installed and NYXOS
|
||
|
|
is a NYX distribution which supports atomic upgrades, rollbacks, multi-user package management
|
||
|
|
and it has a declarative approach to system configuration management that makes it easy
|
||
|
|
to reproduce a configuration on another machine.
|
||
|
|
And also part of this suite is Hydra which is a continuous build system, it's a build
|
||
|
|
farm if you like, it creates the binary packages from these expressions.
|
||
|
|
And also there's Disneyx which is a deployment system so if you're familiar with things
|
||
|
|
like poppets or a CF engine or stuff like that, this can be used for that type of thing.
|
||
|
|
The NYX package manager can be used independently of NYXOS.
|
||
|
|
You can actually use it to install packages on top of Debian or Red Hat or even to a lesser
|
||
|
|
degree on Mac OS X and even to a lesser degree on Windows.
|
||
|
|
So I've been using the NYX package manager myself for a couple of years now.
|
||
|
|
I started using it on Debian stable as I mean it's to update Firefox and my window manager
|
||
|
|
and things like that without interfering with the base system so I could get all the security
|
||
|
|
patches from Debian and be sure that my base system was solid and then pick and choose
|
||
|
|
whatever updated packages can live or whatever that I cared about I could update that independently
|
||
|
|
using NYX package manager.
|
||
|
|
And after a year of doing that I decided to switch to NYXOS proper and I still do use Debian
|
||
|
|
in virtual machines for development.
|
||
|
|
So according to the NYXOS website itself it describes it as an experimental GNU Linux
|
||
|
|
distribution that aims to improve the state-of-the-art and system configuration management.
|
||
|
|
In existing distributions actions such as upgrades are dangerous.
|
||
|
|
Upgrading a package can cause other packages to break.
|
||
|
|
Upgrading an entire system is much less reliable than reinstalling from scratch.
|
||
|
|
You can't safely test what the results of a configuration change will be and you cannot
|
||
|
|
easily onto changes to the system.
|
||
|
|
So I've been running Linux myself for about ten years and I've tried loads of different
|
||
|
|
distros.
|
||
|
|
I started off on Mandrake and that really got me into things that worked really well and
|
||
|
|
I decided then that I was going to give up my job as a ASP web developer and really
|
||
|
|
getting to open source proper and I wanted to learn more so I thought I'd run Gen2
|
||
|
|
for a while and I did the LPI exam and things like that when I tried to Ubuntu and Mint
|
||
|
|
so I tried to arch for a short while and so you have this choice with Linux distros.
|
||
|
|
You can choose a stable release cycle distro like Debian, Red Hat, Ubuntu or you can choose
|
||
|
|
a rolling release.
|
||
|
|
You can have Gen2 or Arch but what I really wanted to do was to have an operating system
|
||
|
|
I could depend on.
|
||
|
|
I need this for work.
|
||
|
|
I need to use this every day.
|
||
|
|
I need to know that I can turn on my computer and I can do my work.
|
||
|
|
But I also need to have the latest browser for work as well and I also like to be able
|
||
|
|
to install software.
|
||
|
|
I don't want to think that if I install a video editor that maybe this will break strange
|
||
|
|
things and I'll have to spend hours trying to debug what it is before I can use my operating
|
||
|
|
system for doing anything else which can happen.
|
||
|
|
I mean on the CadenLive website it says that if you want to install CadenLive the video
|
||
|
|
editor on Debian the first step is to upgrade to DebianUnstable.
|
||
|
|
Now it's probably an oversimplification.
|
||
|
|
I mean it may well be possible to pin the Qt libraries and ffmb or whatever other dependencies
|
||
|
|
you need and create some configuration in Debian stable which allows you to actually compile
|
||
|
|
the CadenLive for your system without compromising.
|
||
|
|
But it's not simple and this is where the nix package manager fits in beautifully I think.
|
||
|
|
I'd like to quote Aben Moglem slightly out of context actually but he said in 2009 he
|
||
|
|
was actually talking about the freedom box but he said that the architecture of technology
|
||
|
|
in the past 20 years has largely been about the making of platforms rather than communities.
|
||
|
|
You know what platforms are, platforms are sticky things, it's difficult to fall off.
|
||
|
|
So for a commercial operating system it makes a lot of sense to have this stable platform
|
||
|
|
idea.
|
||
|
|
You can release a set of libraries and a complete operating system and the promise to third
|
||
|
|
party developers and users is that this will be the basis for the next few years.
|
||
|
|
You can build upon that and everybody who wants to support your platform just has to
|
||
|
|
care about that one configuration.
|
||
|
|
And as everybody knows this isn't the case in Linux there are loads of different distros.
|
||
|
|
So if you're a software developer and you want to make your software available to the
|
||
|
|
Linux community there's kind of this burden for ensuring that your software works with
|
||
|
|
every conceivable version of every library which is out in the wild.
|
||
|
|
The thing is it just doesn't make sense for everybody who writes free software to agree
|
||
|
|
on everything that okay everybody's going to use this library and we're not going to
|
||
|
|
change for the next five years because it's better for everyone.
|
||
|
|
This is the thing you'll see often debated about like one of the problems of Linux and
|
||
|
|
free software is that it's not a platform and that third party developers or say whoever
|
||
|
|
proprietary software developers don't have a target platform.
|
||
|
|
They can't just like release one thing and distribute it.
|
||
|
|
They have to like take into account that there's all these variations out there.
|
||
|
|
But actually to my mind the major stable releases are an approximation of a platform.
|
||
|
|
It seems like the idea of having long term releases or in fact any kind of release cycle
|
||
|
|
at all is to provide people with something some approximation of a platform and sometimes
|
||
|
|
also here it suggests that if everybody just ran Red Hat or Ubuntu or something then
|
||
|
|
Linux would be excellent.
|
||
|
|
It would be so much easier for developers and also for people who wanted to use Linux
|
||
|
|
because there's less of this overhead.
|
||
|
|
I know there's loads of alternative approaches to tackling this issue including Ubuntu
|
||
|
|
PPAs and Fedora also has their own package system.
|
||
|
|
What I really want to do is present the next package management system and just explain
|
||
|
|
roughly how it does what it does and I think it has some really interesting ideas.
|
||
|
|
I just see this whole thing as an important issue for Linux and I would love if we have
|
||
|
|
these features I wouldn't care if they were implemented in Debian or Fedora or whatever
|
||
|
|
I think it's really valuable to have these features for the sake of the flexibility you
|
||
|
|
get and the confidence you can have in your operating system if you can upgrade any package
|
||
|
|
that you want without fear of your whole system breaking and if things break you can roll
|
||
|
|
back to an older version just instantly.
|
||
|
|
I kind of actually feel that there's this culture and free software that things are supposed
|
||
|
|
to break and that because you benefit from all the hard work that these developers and
|
||
|
|
maintainers put into the distros that it's your responsibility to fill out bug reports
|
||
|
|
and to fix your own computer when things break that's like as a member of the free software
|
||
|
|
community this is what you should do.
|
||
|
|
Thing is it's not always the most convenient time to just put everything aside if your
|
||
|
|
computer is broken you can't do anything else you have to fix your computer right now
|
||
|
|
whereas having this ability to roll back to a working version quickly means you can get
|
||
|
|
download whatever you want to do you already have the broken system waiting for you to look
|
||
|
|
at it whenever you have time but it doesn't disrupt you from continuing to work on whatever
|
||
|
|
you want to and in general this means you can be more productive you can use your computer
|
||
|
|
when you want and then you can decide okay when it suits you you can be an active member
|
||
|
|
of the community and actually because of the way that the next system works which I will explain
|
||
|
|
a little bit you can actually debug quite accurately which perhaps conflicting libraries are involved
|
||
|
|
or what the underlying issue is and you can hand someone you can actually point someone to a
|
||
|
|
closure of the package which they will be able to see exactly what build inputs were involved
|
||
|
|
and what compile time options were involved and they can reproduce exactly the issue very quickly
|
||
|
|
okay so what is this next thing it's a functional package manager
|
||
|
|
okay so let me read from Wikipedia about functional programming in computer science functional
|
||
|
|
programming is a programming paradigm that treats computation as the evaluation of mathematical
|
||
|
|
functions and avoid state and mutable data so what is this got to do with software on your system
|
||
|
|
okay so if you open your terminal and type RS let's just think for a minute what happens
|
||
|
|
so it looks on your environment variable called path for the lists of directories where
|
||
|
|
it can find this command that you just called ls will probably find it in slash bin as a
|
||
|
|
mirror and then it runs us okay now the point is that in slash bin you have this binary ls
|
||
|
|
which lists the files in their directory but let's say that you upgrade your system and ls
|
||
|
|
changes and some bug has been introduced and it instead of listing files it removes all your
|
||
|
|
files or whatever so but when you call ls from the can line it's going to look up and it's going
|
||
|
|
to find that command and run it and what's happened is it's very much like a global variable
|
||
|
|
in a programming language you've got this one instance called ls which exists in slash bin
|
||
|
|
and if you replace it it's gone there's no way to like look up what was the last version of ls
|
||
|
|
that I had so I think this is what we mean by side effects in non-functional programming languages
|
||
|
|
this state has been changed of your environment the file system hierarchy standard for Linux is a
|
||
|
|
convention which describes where things should exist in the file system so for example slash bin
|
||
|
|
or slash e2c for configuration files and this is the point where nix is a bit controversial it does
|
||
|
|
try to stick to the file system hierarchy standard but it uses this trick
|
||
|
|
nix puts all the packages and configuration and stuff into slash nix slash store and in there
|
||
|
|
there's a directory for each package and the name of that directory is calculated so that
|
||
|
|
is unique to that derivation so if you change anything about the let's say the compile options
|
||
|
|
or the version of a library which is used to build a particular application or whatever
|
||
|
|
a new directory will be created and that application that binary or related configuration files and
|
||
|
|
everything will be put in there and then so the software is prepared it's usually available as a
|
||
|
|
binary which is being built by the hydra and build system the build farm and download it onto your
|
||
|
|
system and this path is created and then and this is when the notion of atomic upgrades comes in
|
||
|
|
because the place in your path environment variable that points to a sinlink which points to
|
||
|
|
somewhere in the nix store which describes your current environment your profile and that gets
|
||
|
|
updated to include a link to that version of the package now this is all a bit too complicated to
|
||
|
|
kind of cover in depth but the basic idea is that you don't have this single binary which gets
|
||
|
|
overwritten every time the software changes you have every version which you care about is available
|
||
|
|
in the next store and all you need to do like you can run any of them directly if you want they
|
||
|
|
have a complete set of dependencies so if for some reason you've upgraded any piece of software
|
||
|
|
and you realize something is wrong all you have to do is roll back to the last version
|
||
|
|
okay so you're probably thinking oh my god this is going to take up loads of hard drive space okay
|
||
|
|
whenever you decide that basically everything is working maybe upgraded last weekend you
|
||
|
|
haven't had any problems so then you can go ahead and do the garbage collection and remove those
|
||
|
|
old versions from your store typically they'll stay in hydra so if you ever want to download them
|
||
|
|
again you can just go on to the hydra website and click and install that exact version with all
|
||
|
|
dependencies and configuration options and everything as they were this also means that you can
|
||
|
|
have multiple versions installed at the same time without any conflict this is really cool if you
|
||
|
|
want to test some experimental software you can run anything you can have the most crazy experimental
|
||
|
|
cutting edge libraries which aren't even beta yet and you can install a package and run it
|
||
|
|
and you can keep your default version of the same package without any interference and you can
|
||
|
|
remove it and it's not going to your computer isn't going to blow up and you can just uninstall
|
||
|
|
that or keep it under a different name and use it for testing purposes and just report bugs or
|
||
|
|
whatever just in case there's any confusion the dependencies of an application where they're
|
||
|
|
shared between different applications they're also shared in Nix there's like a separate store
|
||
|
|
path for each library and it uses we'll say for some things it might use an environment variable
|
||
|
|
we'll say for Python it'll be Python paths so that a predictor application can find exactly the
|
||
|
|
version the Python modules it needs for a compiled stuff it might use our path so that they're linked
|
||
|
|
to to an application is linked dynamically to particular and library so actually it doesn't use
|
||
|
|
all that much more space it just uses more space for things which are different so obviously if
|
||
|
|
you have two separate libraries and you want to have two versions of an application compiled with
|
||
|
|
these two separate libraries that's going to take up more space but just to give you an example
|
||
|
|
I have like a full desktop system KDE those of audio applications and a few generations in
|
||
|
|
there which I could roll back to and that's like 10 gigs another nice feature is that she can
|
||
|
|
go in and override any of the Nix expressions Nix actually uses a domain specific language which
|
||
|
|
is specifically designed for managing packages installing packages and configuration options
|
||
|
|
so you can use this language to configure your system and this is also how you will add new
|
||
|
|
packages if you want or tweak some of the options for existing packages on your system so if you
|
||
|
|
want and quite typically people describe their system configuration in a configuration.nix file
|
||
|
|
and that can include what packages you want to have installed your default window manager if
|
||
|
|
you want to run SSH on a particular port anything essentially this is also what you can use
|
||
|
|
for the deployment options with Disneyx that's not something I've had to look at myself
|
||
|
|
but it sounds quite cool I mean if you want to have a configuration for a whole cluster of machines
|
||
|
|
you can do that and you can even do incredible stuff like you can you can have a configuration
|
||
|
|
for a cluster and then you can instantiate it on your test machine and get it to run various
|
||
|
|
VMs with those exact configurations you could for example set up a SQL server on one VM and then
|
||
|
|
you could have a website and another VM and you could have them configured so that the website
|
||
|
|
is accessing the SQL server from the other VM and you could test that that whole system works
|
||
|
|
on your own local machine and then you could decide okay this works you can actually
|
||
|
|
write tests which will look for things using the nix language as well but once you're happy
|
||
|
|
you can like you can do your automated testing and then you can also deploy that exact system
|
||
|
|
on bare metal okay so I've already mentioned that there's this hydra build firm which builds
|
||
|
|
the packages if you change a configuration option we'll say a compile option or you want to
|
||
|
|
test something out locally you will have to build that package locally there's essentially this
|
||
|
|
hash that I described earlier that will have changed and nix will find that it would look for that
|
||
|
|
on hydra and realize it doesn't exist yet and then it will decide to build it locally so that's
|
||
|
|
that's how it falls back to building packages from source and they're not available it also has a
|
||
|
|
feature where if you have a binary version of a particular application and there's been an
|
||
|
|
upgrade then hydra prepares binary deltas so you only actually have to download the piece of the
|
||
|
|
binary file which is changed you don't have to download the whole thing if it's like Libra
|
||
|
|
Office or something and something small has changed you only have to download that tiny bit
|
||
|
|
another feature provided by hydra is I think I mentioned it already the single click installs so
|
||
|
|
you can look at any package there and so there will be a link if you have the nix package manager
|
||
|
|
installed on any distro you can click on that link and that will download all these paths and put
|
||
|
|
into your system into your store and then activate them so that you can use that exact version
|
||
|
|
which is pretty handy and the other thing is that you can set it up so that any
|
||
|
|
unprivileged user on your system can also install packages and they can have their own versions so
|
||
|
|
if you have a multi-user system you could have two quite different systems essentially using the
|
||
|
|
same or using whatever versions of packages they want and they can manage their software independently
|
||
|
|
so I guess at this stage you're probably wondering if I love Nix OOS so much why don't I just go and
|
||
|
|
marry it it's not all roses there's no comparison between the sheer amount of packages you'll
|
||
|
|
find in Slackware or Debian or any other distro there's like a relatively small Nix community
|
||
|
|
who package things that they care about and it just so happens that for example there's no
|
||
|
|
GNOME there's no GNOME 2 or GNOME 3 there's quite a decent KDE there's XFCE there's like X Monat
|
||
|
|
and there's like loads of tiling window managers it's just whatever people are interested in and
|
||
|
|
happen to package so you may or may not find the software that you're interested in the good side
|
||
|
|
is it's not difficult to add packages for most packages if they've got a pretty typical build
|
||
|
|
system there's already quite an easy way basically you just have to you add the expression and it
|
||
|
|
just has to include a link to where you can download it from it also has to include a hash
|
||
|
|
so that it checks that it's like a checksum so that it checks that it has the correct
|
||
|
|
file and then if there's any yeah you have to list the
|
||
|
|
uh... build inputs which are the dependencies so that could include say qt or gtk or
|
||
|
|
whatever libraries the lib sound or whatever you want
|
||
|
|
whatever the package needs and you can add configuration options if you want people to be
|
||
|
|
able to tweak particular things and turn on and turn off things and yeah sometimes you will need
|
||
|
|
to adjust some of the make files or whatever our apply patches but typically you just add the
|
||
|
|
build inputs the dependencies for that software and that's usually will basically run the
|
||
|
|
um... configure make make install or if it's you know see make or whatever it's it's pretty sensible
|
||
|
|
in how it handles various things and if you do a pretty good job of most things you can just
|
||
|
|
drop them in i'm often surprised at how easy it is to to package things sometimes it's not
|
||
|
|
and you have to do manual changes so that's the thing i should really mention that nix isn't
|
||
|
|
such a recent project and elco visor actually released he presented a paper on it back in 2004
|
||
|
|
and it's been under development since then it's been a subject of quite a few research projects
|
||
|
|
in university of utrate in the Netherlands and that's one of the nice things about it as well as
|
||
|
|
that there's loads of research papers it's really been really in-depth not just documentation but
|
||
|
|
discussions of the computer science of how to manage deployment and upgrades and stuff so
|
||
|
|
it's really interesting i mean it's well worth reading the papers if that's if you're interested
|
||
|
|
in computer science in general even the nix domain specific language itself and how that works
|
||
|
|
and where it comes from and some of that stuff is really interesting i know there's a really good
|
||
|
|
interview with elco visor on software engineering radio as well where he discusses
|
||
|
|
grammars and things like that i should also point out that i am just an x user myself
|
||
|
|
i'm not a core contributor or anything like that i have a basic understanding of how it works
|
||
|
|
and i may have said many things which are not entirely correct or even completely wrong so
|
||
|
|
i hope i don't misrepresent it too much so anyway that's it that's nixos and the nix package manager
|
||
|
|
i hope it's of some interest i mean check it out if if there's something you want to install
|
||
|
|
the same i like to give kaden live as a good example because it can be quite tricky to compile
|
||
|
|
and we do have a binary version in nixos and nix packages so you could just install the
|
||
|
|
nix package manager which is may shortly be available in fedora actually and i think there's
|
||
|
|
i've seen it on the a war for arch and stuff so it might be very simple to install or otherwise
|
||
|
|
you can just compile it it's not very difficult to compile either and and then you just install
|
||
|
|
it nix n minus i and the name of the package and it should get it or you can click on the link
|
||
|
|
on hidra and dano did particular version and then you can update it as well via the nix package
|
||
|
|
manager so hopefully it's of some interest and yeah i'd be very curious to hear if people do give
|
||
|
|
this shot or if they have any feedback about it you know i i i do meet people who've like run debian
|
||
|
|
for whatever 20 years and they've never had a problem and they've never felt the need to update
|
||
|
|
anything and they're perfectly happy to wait for a few years or whatever or i don't mean that
|
||
|
|
and i'm condescending there i mean it's and you get this stable system and there's this massive
|
||
|
|
community and it works really well and that's nice so and i also met people who run arch and they
|
||
|
|
updated every day and they've never had any problems and everything works perfectly like that's
|
||
|
|
brilliant i i have not had this experience myself and as i say i've run a few different distros
|
||
|
|
and yeah nix os really gives me a lot of hope that you know this culture is possible where
|
||
|
|
everybody can continuously upgrade software and work on software and cherry pick whatever
|
||
|
|
dependencies they want for a particular piece of software and just get on with doing what they
|
||
|
|
enjoy and making cool stuff so that's it and thanks for listening and i hang out on our cast
|
||
|
|
planet if anyone wants to discuss this or if you want to do week i would love to do maybe a round
|
||
|
|
table we could discuss the merits and disadvantages are very approaches or whatever that would be
|
||
|
|
fun too so cool so take care and thanks for this
|
||
|
|
you have been listening to Hacker Public Radio or Tacker Public Radio does our
|
||
|
|
we are a community podcast network that releases shows every weekday on day through friday
|
||
|
|
today's show like all our shows was contributed by a hbr listener by yourself
|
||
|
|
if you ever consider recording a podcast then visit our website to find out how easy it really is
|
||
|
|
Hacker Public Radio was founded by the digital dark pound and the economical and computer cloud
|
||
|
|
hbr is funded by the binary revolution at binref.com all binref projects are crowd-responsive
|
||
|
|
by luna pages from shared hosting to custom private clouds go to luna pages.com for all your hosting
|
||
|
|
needs unless otherwise stasis today's show is released on the creative comments attribution
|
||
|
|
share a like he does our license
|