How to ensure that NixOS configuration will build or use the same package versions in the future?

homocomputeris · September 29, 2023, 9:36pm

In Software packaging and distribution for LHCb using Nix, the authors write:

In order to facilitate this use, software must be stable for long
periods; much longer than even Long Term Support operating systems are
available. Additionally, the software should reproduce any and all
bugs which were present in the original version to ensure the accuracy
of the final results. Builds should be reproducible to allow for
patches to be carefully introduced.

But NixOS configuration files do not include versions of packages (unlike, say, Rust manifests), e.g.

environment.systemPackages = with pkgs; [
    git
    git-lfs
    fish
    neovim
    nixpkgs-fmt
    nixos-option

    # Basic utils
    killall
  ];

If I understand correctly, packages can be updated within a channel, and they can change when the channel is changed.

Then, how to ensure that in 10 years I will be able to get or build the same Nix environment with the same versions packages installed?

uep · September 30, 2023, 2:32am

You need to pin the revision of nixpkgs used for the build. As you note, with channels that status is kept separately and you have to record it somehow. With flakes it’s part of the lock file (the same as Rust’s cargo lock).

TLATER · September 30, 2023, 7:54am

Probably also need some source mirroring solution if the goal is to keep it around and maintainable for 10 years.