How to build and distribute binary packages with nix?

Help
1

Naively one would expect that the core functionality of a package manager is “building packages”. With nix the situation seems to be a little different: One distributes nix-files/expression (in channels or .nix files) which define derivations ( nix-instantiate ) which can be built ( nix-build ) to produce binary artifacts which are installed ( nix-env -i ) into an environment. At no point a traditional “package file” containing the built artifacts is produced, that can be copied to different machines and/or distributed e.g. as GitHub-releases.

Question:

  1. Is it possible to produce binary packages (i.e. pre-built derivations) with nix tooling?
  2. If not, is this an intentional omission or just a missing feature.

Discussion:

  • This is a cross post from SO where I was referred to this forum, as a better place to ask this question.
  • Of course, installing pre-built packages is a security risks. Due care has to be taken by the user, to verify it comes from a trusted party.
  • I am aware of binary caches and nix-copy-closure. Both solve different problems. This question is about a way to distribute pre-built packages to a wider audience which is simple, requires zero-configuration, does not rely on external services being available and does not involve local built steps. (like rpm -i <filename>)
  • dockerTools.buildImage actually comes quite close to the desired feature, in that it tar’s up the package dependency closure. But it’s clearly designed for a different use case.
  • “Nix has a native serialization format for store objects, NAR” – @CharlesDuffy. This looks like a fit: Are there tools to build a NAR file for a given derivation?
1 Like
2

Binary cache for many others: Binary Cache - NixOS Wiki

Distribute single binary: nix copy

that can be copied to different machines and/or distributed e.g. as GitHub-releases.

You can also distribute it as a docker image with dockerTools (but you already mentioned this)

If it’s truely just a “binary”, you can do a static build, pkgsStatic.<package> then send that binary where-ever.

4 Likes
3

:tada: nix copy looks great!

FTR, here is how I would use it to distribute nixpkgs.ag (as an example):

nix copy nixpkgs.ag --to file://ag.pkg 
# We now have a local directory `ag.pkg` which we can tar-up and distribute
# On the client machine, we run to install the package
nix copy --from file://ag.pkg nixpkgs.ag
1 Like
4

If installing nix on the system you deploy to is not an option, there is also nix-bundle which is also available as part of the (experimental) nix command.
But in my experience nix works best if the machine you deploy to also has it installed.

1 Like