#1373 FHS exception for Nix
Closed: rejected 3 months ago by james. Opened 4 months ago by frostyx.

Hello Fedora Packaging Committee,

I am currently trying to coordinate efforts among several Fedora package maintainers to bring Nix to the Fedora repositories.

Nix can install packages from probably the largest software repository that any GNU/Linux distribution has. The installed packages are not installed directly to the system root (as FHS prescribes) but instead it puts the installed files into their own FHS-compliant tree under /nix/store. As a consequence, there is not a possibility for the Nix packages to clash with our RPM packages, causing a dependency hell like for example a combination of PyPI and RPM packages can. Nix is more akin to Flatpak or containers.

We currently have several Copr repositories providing the Nix package:

We would like to consolidate them into something official and request a package review for the Fedora repositories. However, the packaging guidelines require us to have approval for:

Fedora does not allow new directories directly under / or /usr without FPC approval.

So here we are :-)

AFAIK having the directory somewhere else isn't possible. @egoode did some research on this and he says it doesn't work well.

I can try to answer as many questions as possible but I am tagging the respective Copr authors (@prathampatel, @petersen, @poscat) because they might know more than me in regard to the packaging details. Also, @egoode for technical details that I might be inaccurate about.


+1

Thanks for filing, @frostyx. It would be useful to have Nix in Fedora repos. Many Fedora users are not keen on running curl | bash installers :P

As I understand it, Nix does not support moving the Nix store to somewhere other than /nix for essentially two reasons:

  • Built Nix packages contain hardcoded paths to other packages in the Nix store at /nix/store. Therefore, all systems should agree on where the store is; if a system put the store somewhere else, all packages would have to be rebuilt from source for that system.
  • Nix also runs on macOS, and using /usr or /var on macOS is not ideal.

The topic of moving the store (or supporting a custom store location) has been discussed in the Nix community several times. I think https://discourse.nixos.org/t/nix-var-nix-opt-nix-usr-local-nix/7101 is one of the better threads. But I think /nix is staying for now.

For the Fedora package, an alternative option might be to keep the store under /var/lib/nix, /opt/nix, or something and create a bind mount from /nix to that location. Nix supports this: https://nix-dev.science.uu.narkive.com/q2ZdNDHI/moving-nix-store-to-another-partition. But I assume doing so would also fall outside packaging guidelines and would need packaging-committee approval.

The FPC talked about this today, at the meeting:

https://meetbot.fedoraproject.org/meeting-1_matrix_fedoraproject-org/2024-06-20/fpc.2024-06-20-16.00.log.html

Some thoughts/notes:


It's not entirely obvious why people want "nix" as a package in Fedora. Eg. pip works with the installed system. flatpak comes with a Fedora repo. configured and even if you configure/use other repos. the thing you get is a confined space anyway.

From what I can see nix can't easily be used to install extra things, because it will require the entire nixos deps. to also be installed, and that would require the user configuring non-Fedora repos.

  • Q. What things do you think Fedora users will do with this package?
  • Q. How will it be better than installing from the website, or even the coprs?

There's not much desire to allow /nix in Fedora, within the FPC.

It just won't work with some parts of Fedora, even if you do bind mounts.

Neal Gompa "volunteered" to speak to upstream about it, but would probably be happy if he wasn't alone.


There's no easy way to try these Fedora packages, AFAIK. I tried to install petersen/nix and poscat/Nix within a container but "nix-channel --update" fails (I guess due to being in a container).

Thank you all in the FPC for discussing this.

Q. What things do you think Fedora users will do with this package?

Install software. Personally, when I want some software, I check if it is available in the Fedora repositories first. Then search through Copr, then Flatpaks, and then I compile it from the source (which is something I don't want to do). Nix adds yet another fallback option before I have to reach for manual compilation.

It's IMHO a reliable fallback because Fedora has ~40k packages, Flathub ~2k flatpaks, and Nix provides ~100k packages.

Other users might prefer Nix as their primary source of software and its Toolbx-like workflow. This is IMHO fine because Nix packages don't clash with RPM packages and therefore users won't break their system.

Q. How will it be better than installing from the website, or even the corps?

Installing the Nix package from Copr is a good second option to having it in the Fedora repositories. While having a lot of good software exclusively in Copr, I prefer to use it as an incubator and a playground, with the goal of eventually moving the quality packages to Fedora.

Installation from the website is a big no-go.

Multi-user installation (recommended)
Install Nix via the recommended multi-user installation:

$ sh <(curl -L https://nixos.org/nix/install) --daemon

We recommend the multi-user install if you are on Linux running systemd, with SELinux disabled and you can authenticate with sudo.

This shouldn't be the recommended way for Fedora users to install anything.

Neal Gompa "volunteered" to speak to upstream about it, but would probably be happy if he wasn't alone.

Thank you very much @ngompa for getting involved. Please ping me if you need some backup or help of any sort.

There's no easy way to try these Fedora packages, AFAIK. I tried to install petersen/nix and poscat/Nix within a container but "nix-channel --update" fails (I guess due to being in a container).

I've been successfully using prathampatel/nix as long as I was on F39. The package for F40 wasn't ready yet, so I haven't used Nix after upgrading. I will test all of the mentioned packages and make sure we have a working solution for all stable Fedora releases.

Does the package require FPC approval if the /nix directory is created afterwards? Usually nix stores its state in /nix/var but this can be changed during configure, and I did change it in my package to /var/nix which means at least before building any derivations there's no /nix directory created (the rpm -ql output of my nix: https://paste.centos.org/view/fb20980b). The only other use of /nix is to store build outputs in /nix/store, which as egoode has explained, unfortunately cannot be changed without invalidating all existing cache.

It's not entirely obvious why people want "nix" as a package in Fedora.

While the official description of nix is a "package manager", I think the more apt description of nix is a build tool. It's like maven or cargo but universal in the sense that it doesn't care what the source code is (since it can delegate the actual build task to language specific build tools). It tries to achieve full reproducibility while being universal. That's its main value proposition to my understanding.

Invalidating the binary cache doesn't diminish its usefulness, as the existing nix functions and derivations will still work.

I will test all of the mentioned packages and make sure we have a working solution for all stable Fedora releases.

We have been working on this with @petersen and I think, the best solution we currently have is
https://copr.fedorainfracloud.org/coprs/petersen/nix

The spec file and additional sources are available here
https://github.com/juhp/nix-fedora

It should work in all available Fedora versions. By default, it provides the multi-user installation recommended by the upstream but it also provides a subpackage for an alternative single-user installation. Everything is explained in the Copr description.

Invalidating the binary cache doesn't diminish its usefulness, as the existing nix functions and derivations will still work.

I disagree, binary caches are an important part of using Nix. A simple use case such as "I want to git clone and build this Electron app using their flake.nix" might go from seconds/minutes to hours if you have to build Chromium from source.

Nix can also be used to deploy remote NixOS machines [0], or copy builds around between machines via nix-copy-closure. I believe these would also be broken if the store is in a different place on the target system.

If the store can't be in /nix/store, IMO it would be not worth having Nix in Fedora repositories, since the Fedora version of Nix would be incompatible with every other Nix system.

[0] https://www.haskellforall.com/2023/01/announcing-nixos-rebuild-new-deployment.html

We spoke a little (mostly summary of of what was said before) about this in this in today's meeting and are rejecting the request. You can ask FESCo for an exception, but we don't think we should grant it (and even if FPC should grant the exception I don't think enough members support it to pass).

Obviously the copr can continue and is still fairly easy to install/use.

Metadata Update from @james:
- Issue close_status updated to: rejected
- Issue status updated to: Closed (was: Open)

3 months ago

Thank you all for the discussion and your time working on this.
I am obviously not happy about the result of the decision but I appreciate that the proposal has been considered.

We will move the effort toward the Copr project

Log in to comment on this ticket.

Metadata