Does a debian package for Nix 2+ exist?

psychic · February 28, 2019, 3:12am

I need (perhaps want would be more accurate) to deploy Nix to an application server (running Debian Jessie).

As a company policy, I can not install Nix through the usual way, it has to
be packaged as a debian package.

Does a debian package exist?

I’m aware of: https://ftp-master.debian.org/new/nix_2.2.1-2.html
but is it available through any apt repository? Which debian versions can it
currently be installed on? Failing to understand that, I cloned the repo:
https://salsa.debian.org/debian/nix
and was greeted by a release.nix in which all the makedebian derivations were
commented out. I tried uncommenting and building them and (not surprisingly,
as they were commented out) the build failed, an error about requiring features of C++14
(perhaps if I were to use a certain nixpkgs checkout if would have worked?)

I understood that it is based on the work of this repo:
https://github.com/KaiHa/nix-debian, so I cloned it, followed the
instructions, installed git-buildpackage, set the cowbuilder basepath
correctly, but building with gbp buildpackage --git-pbuilder failed both on
master and debian/stretch branches.

The following packages have unmet dependencies:
 pbuilder-satisfydepends-dummy : Depends: libbrotli-dev which is a virtual package and is not provided by any available package
Unable to resolve dependencies!  Giving up...

Next, I Tried to reproduce an old Hydra build from 2015 of Nix 1.9 (the latest one
I could find) to build and use as reference to create a package for 2.1 but
the build dragged on for a long time and started getting time outs when
downloading dependencies.

Where should I look for next?

I don’t really need a multi-user installation, it is just an application
server where I will deploy nix-built applications to. nix-bundle requires
linux user namespaces which are associated with drama and security
vulnerabilities so I am not allowed to use that, unfortunately. Trying to build my Haskell
application statically using: https://github.com/nh2/static-haskell-nix also
failed and I do not have the time to dive deep into musl to understand the
intricacies there.

Ideally I just want a single installation that does not create the /nix
directory (as we provision a partition for /nix beforehand, so the directory will
pre-exist). I am thinking of getting the binary tarball and removing
stuff as necessary from the ./install script and packaging that (I have zero
experience with debian packaging, but hopefully I can wing it).
Is there a more straightforward approach I can take here? I’m willing to bet there is something I am missing here, that will make all of this much simpler.

Push comes to shove, I will have to give up Nix and not use it in my company, not just for the
application server but for the CI server and the developer workstations (although it already builds and deploys perfectly if I install Nix the usual way). I prefer not to reach this
state, so any help is greatly appreciated!

Thanks!

Melkor333 · February 28, 2019, 6:34am

https://ftp-master.debian.org/new/nix_2.2.1-2.html

It seems to be in the unstable branch right now

psychic · February 28, 2019, 7:27am

I’ll be happy to know what I’m doing wrong as searching for nix packages in sid(unstable) does not turn up with the package for nix package manager: https://packages.debian.org/search?suite=sid&section=all&arch=any&searchon=names&keywords=nix

Also, starting a docker with debian:sid and apt-get update and apt-get install nix results in E: Unable to locate package nix

danbst · February 28, 2019, 8:08am

From what I could find out, it is still in NEW queue, and someone should approve it to make propagate to pools (even unstable). I can’t find why maintainers haven’t yet checked nix.

uvNikita · February 28, 2019, 2:14pm

You might want to look at this repository: Releases · Mic92/nix-fpm-multiuser · GitHub. @dezgeg and @Mic92 have set up an rpm and deb package builder using fpm. It works like a charm in our set up, but I tested it only on CentOS for now.

Ideally I just want a single installation that does not create the /nix
directory (as we provision a partition for /nix beforehand, so the directory will
pre-exist).

We had exactly the same issue, the PR to nix is still on review btw (install-multi-user: fail only if /nix is not empty by uvNikita · Pull Request #2573 · NixOS/nix · GitHub). But the packages I linked fixing this issue as well by allowing /nix to exist. From their README:

Uninstalling the distro package doesn’t remove /nix . But since it will stop & remove the daemon, the build users and the /etc/profile.d snippet, effectively Nix and installed packages will stop working. Reinstalling the distro package makes things work again just as they were before the uninstallation. I believe this matches what the distros do with mutable data, e.g. uninstalling Postgres doesn’t nuke all the databases.

psychic · March 1, 2019, 4:42am

@danbst I wonder why no one is looking at it, perhaps a matter of prioritization or interest?

@uvNikita Thanks for the link. Right after posting this thread I started my attempt at doing a crude package and it turned out to be simpler than I thought so I sticked with it.

Thanks for the help regarding this matter, I thought I’m missing something obvious but it seems that wasn’t the case.

Thanks for the help!

I also retried to get a static build going (to save as a second option if people don’t like Nix’s FHS-violation) and almost got it all the way, except now it fails with:

<no location info>: error:
    `cc' failed in phase `Linker'. (Exit code: 1)

/nix/store/8jpp32r1yqzqcgjycnvjy0hm30ng2f86-binutils-2.30/bin/ld: /nix/store/4k79vw3p32n2w7z11d9rh4788chq73ja-gcc-7.3.0/lib/gcc/x86_64-unknown-linux-musl/7.3.0/crtbeginT.o: relocation R_X86_64_32 against hidden symbol `__TMC_END__' can not be used when making a shared object
/nix/store/8jpp32r1yqzqcgjycnvjy0hm30ng2f86-binutils-2.30/bin/ld: /nix/store/4k79vw3p32n2w7z11d9rh4788chq73ja-gcc-7.3.0/lib/gcc/x86_64-unknown-linux-musl/7.3.0/crtend.o: relocation R_X86_64_32 against `.ctors' can not be used when making a shared object; recompile with -fPIC
/nix/store/8jpp32r1yqzqcgjycnvjy0hm30ng2f86-binutils-2.30/bin/ld: final link failed: Nonrepresentable section on output
collect2: error: ld returned 1 exit status

The error happens during the final linking.
Tried adding -fPIC in my project’s configureFlags but it did not change anything. I wonder if this has
something to do with me using a Haskell library with bindings to postgresql client library (I should probably start a separate thread for this!)

alexv · November 11, 2019, 4:53pm

@uvNikita The fpm-based approach works great, the only issue is it uses forked version of nix which hasn’t been updated (rebased) in almost a year… Is the project alive?

uvNikita · November 13, 2019, 9:16am

I don’t really know, you will have to ask @Mic92 about that

My guess is that it should also be fairly easy to update the nix version and build packages yourself, but I haven’t tried it yet.

It’s unfortunate that nix still doesn’t have official deb/rpm packages though.

Mic92 · November 13, 2019, 11:13am

If somebody rebases the patches on top of a newer version of Nix, I would tag a new release.