Warning
This program is experimental and its interface is subject to change.
Name
nix store make-content-addressed - rewrite a path or closure to content-addressed form
Synopsis
nix store make-content-addressed [option...] installables...
Examples
-
Create a content-addressed representation of the closure of GNU Hello:
# nix store make-content-addressed nixpkgs#hello … rewrote '/nix/store/v5sv61sszx301i0x6xysaqzla09nksnd-hello-2.10' to '/nix/store/5skmmcb9svys5lj3kbsrjg7vf2irid63-hello-2.10'Since the resulting paths are content-addressed, they are always trusted and don't need signatures to copied to another store:
# nix copy --to /tmp/nix --trusted-public-keys '' /nix/store/5skmmcb9svys5lj3kbsrjg7vf2irid63-hello-2.10By contrast, the original closure is input-addressed, so it does need signatures to be trusted:
# nix copy --to /tmp/nix --trusted-public-keys '' nixpkgs#hello cannot add path '/nix/store/zy9wbxwcygrwnh8n2w9qbbcr6zk87m26-libunistring-0.9.10' because it lacks a signature by a trusted key -
Create a content-addressed representation of the current NixOS system closure:
# nix store make-content-addressed /run/current-system
Description
This command converts the closure of the store paths specified by installables to content-addressed form.
Nix store paths are usually input-addressed, meaning that the hash part of the store path is computed from the contents of the derivation (i.e., the build-time dependency graph). Input-addressed paths need to be signed by a trusted key if you want to import them into a store, because we need to trust that the contents of the path were actually built by the derivation.
By contrast, in a content-addressed path, the hash part is computed from the contents of the path. This allows the contents of the path to be verified without any additional information such as signatures. This means that a command like
# nix store build /nix/store/5skmmcb9svys5lj3kbsrjg7vf2irid63-hello-2.10 \
--substituters https://my-cache.example.org
will succeed even if the binary cache https://my-cache.example.org
doesn't present any signatures.
Options
-
--fromstore-uriURL of the source Nix store.
-
Produce output in JSON format, suitable for consumption by another program.
-
Read installables from the standard input. No default installable applied.
-
--tostore-uriURL of the destination Nix store.
Common evaluation options
-
--argname exprPass the value expr as the argument name to Nix functions.
-
--arg-from-filename pathPass the contents of file path as the argument name to Nix functions.
-
--arg-from-stdinnamePass the contents of stdin as the argument name to Nix functions.
-
--argstrname stringPass the string string as the argument name to Nix functions.
-
Start an interactive environment if evaluation fails.
-
--eval-storestore-urlThe URL of the Nix store to use for evaluation, i.e. to store derivations (
.drvfiles) and inputs referenced by them. -
Allow access to mutable paths and repositories.
-
--include/-IpathAdd path to the Nix search path. The Nix search path is initialized from the colon-separated
NIX_PATHenvironment variable, and is used to look up the location of Nix expressions using paths enclosed in angle brackets (i.e.,<nixpkgs>).For instance, passing
-I /home/eelco/Dev -I /etc/nixoswill cause Nix to look for paths relative to
/home/eelco/Devand/etc/nixos, in that order. This is equivalent to setting theNIX_PATHenvironment variable to/home/eelco/Dev:/etc/nixosIt is also possible to match paths against a prefix. For example, passing
-I nixpkgs=/home/eelco/Dev/nixpkgs-branch -I /etc/nixoswill cause Nix to search for
<nixpkgs/path>in/home/eelco/Dev/nixpkgs-branch/pathand/etc/nixos/nixpkgs/path.If a path in the Nix search path starts with
http://orhttps://, it is interpreted as the URL of a tarball that will be downloaded and unpacked to a temporary location. The tarball must consist of a single top-level directory. For example, passing-I nixpkgs=https://github.com/NixOS/nixpkgs/archive/master.tar.gztells Nix to download and use the current contents of the
masterbranch in thenixpkgsrepository.The URLs of the tarballs from the official
nixos.orgchannels (see the manual page fornix-channel) can be abbreviated aschannel:<channel-name>. For instance, the following two flags are equivalent:-I nixpkgs=channel:nixos-21.05 -I nixpkgs=https://nixos.org/channels/nixos-21.05/nixexprs.tar.xzYou can also fetch source trees using flake URLs and add them to the search path. For instance,
-I nixpkgs=flake:nixpkgsspecifies that the prefix
nixpkgsshall refer to the source tree downloaded from thenixpkgsentry in the flake registry. Similarly,-I nixpkgs=flake:github:NixOS/nixpkgs/nixos-22.05makes
<nixpkgs>refer to a particular branch of theNixOS/nixpkgsrepository on GitHub. -
--override-flakeoriginal-ref resolved-refOverride the flake registries, redirecting original-ref to resolved-ref.
Common flake-related options
-
Commit changes to the flake's lock file.
-
--inputs-fromflake-urlUse the inputs of the specified flake as registry entries.
-
Don't allow lookups in the flake registries.
DEPRECATED
Use
--no-use-registriesinstead. -
Do not allow any updates to the flake's lock file.
-
Do not write the flake's newly generated lock file.
-
--output-lock-fileflake-lock-pathWrite the given lock file instead of
flake.lockwithin the top-level flake. -
--override-inputinput-path flake-urlOverride a specific flake input (e.g.
dwarffs/nixpkgs). This implies--no-write-lock-file. -
Recreate the flake's lock file from scratch.
DEPRECATED
Use
nix flake updateinstead. -
--reference-lock-fileflake-lock-pathRead the given lock file instead of
flake.lockwithin the top-level flake. -
--update-inputinput-pathUpdate a specific flake input (ignoring its previous entry in the lock file).
DEPRECATED
Use
nix flake updateinstead.
Logging-related options
-
Set the logging verbosity level to 'debug'.
-
--log-formatformatSet the format of log output; one of
raw,internal-json,barorbar-with-logs. -
--print-build-logs/-LPrint full build logs on standard error.
-
Decrease the logging verbosity level.
-
--verbose/-vIncrease the logging verbosity level.
Miscellaneous global options
-
Show usage information.
-
Disable substituters and consider all previously downloaded files up-to-date.
-
--optionname valueSet the Nix configuration setting name to value (overriding
nix.conf). -
Consider all previously downloaded files out-of-date.
-
During evaluation, rewrite missing or corrupted files in the Nix store. During building, rebuild missing or corrupted store paths.
-
Show version information.
Options that change the interpretation of installables
-
Apply the operation to every store path.
-
Operate on the store derivation rather than its outputs.
-
--exprexprInterpret installables as attribute paths relative to the Nix expression expr.
-
--file/-ffileInterpret installables as attribute paths relative to the Nix expression stored in file. If file is the character -, then a Nix expression will be read from standard input. Implies
--impure. -
--recursive/-rApply operation to closure of the specified paths.
Note
See
man nix.conffor overriding configuration settings with command line flags.