tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
fork atom
nixpkgs / doc / coding-conventions.xml
at release-19.03 1065 lines 32 kB view raw
1<chapter xmlns="http://docbook.org/ns/docbook" 2 xmlns:xlink="http://www.w3.org/1999/xlink" 3 xml:id="chap-conventions"> 4 <title>Coding conventions</title> 5 <section xml:id="sec-syntax"> 6 <title>Syntax</title> 7 8 <itemizedlist> 9 <listitem> 10 <para> 11 Use 2 spaces of indentation per indentation level in Nix expressions, 4 12 spaces in shell scripts. 13 </para> 14 </listitem> 15 <listitem> 16 <para> 17 Do not use tab characters, i.e. configure your editor to use soft tabs. 18 For instance, use <literal>(setq-default indent-tabs-mode nil)</literal> 19 in Emacs. Everybody has different tab settings so it’s asking for 20 trouble. 21 </para> 22 </listitem> 23 <listitem> 24 <para> 25 Use <literal>lowerCamelCase</literal> for variable names, not 26 <literal>UpperCamelCase</literal>. Note, this rule does not apply to 27 package attribute names, which instead follow the rules in 28 <xref linkend="sec-package-naming"/>. 29 </para> 30 </listitem> 31 <listitem> 32 <para> 33 Function calls with attribute set arguments are written as 34<programlisting> 35foo { 36 arg = ...; 37} 38</programlisting> 39 not 40<programlisting> 41foo 42{ 43 arg = ...; 44} 45</programlisting> 46 Also fine is 47<programlisting> 48foo { arg = ...; } 49</programlisting> 50 if it's a short call. 51 </para> 52 </listitem> 53 <listitem> 54 <para> 55 In attribute sets or lists that span multiple lines, the attribute names 56 or list elements should be aligned: 57<programlisting> 58# A long list. 59list = [ 60 elem1 61 elem2 62 elem3 63]; 64 65# A long attribute set. 66attrs = { 67 attr1 = short_expr; 68 attr2 = 69 if true then big_expr else big_expr; 70}; 71 72# Combined 73listOfAttrs = [ 74 { 75 attr1 = 3; 76 attr2 = "fff"; 77 } 78 { 79 attr1 = 5; 80 attr2 = "ggg"; 81 } 82]; 83</programlisting> 84 </para> 85 </listitem> 86 <listitem> 87 <para> 88 Short lists or attribute sets can be written on one line: 89<programlisting> 90# A short list. 91list = [ elem1 elem2 elem3 ]; 92 93# A short set. 94attrs = { x = 1280; y = 1024; }; 95</programlisting> 96 </para> 97 </listitem> 98 <listitem> 99 <para> 100 Breaking in the middle of a function argument can give hard-to-read code, 101 like 102<programlisting> 103someFunction { x = 1280; 104 y = 1024; } otherArg 105 yetAnotherArg 106</programlisting> 107 (especially if the argument is very large, spanning multiple lines). 108 </para> 109 <para> 110 Better: 111<programlisting> 112someFunction 113 { x = 1280; y = 1024; } 114 otherArg 115 yetAnotherArg 116</programlisting> 117 or 118<programlisting> 119let res = { x = 1280; y = 1024; }; 120in someFunction res otherArg yetAnotherArg 121</programlisting> 122 </para> 123 </listitem> 124 <listitem> 125 <para> 126 The bodies of functions, asserts, and withs are not indented to prevent a 127 lot of superfluous indentation levels, i.e. 128<programlisting> 129{ arg1, arg2 }: 130assert system == "i686-linux"; 131stdenv.mkDerivation { ... 132</programlisting> 133 not 134<programlisting> 135{ arg1, arg2 }: 136 assert system == "i686-linux"; 137 stdenv.mkDerivation { ... 138</programlisting> 139 </para> 140 </listitem> 141 <listitem> 142 <para> 143 Function formal arguments are written as: 144<programlisting> 145{ arg1, arg2, arg3 }: 146</programlisting> 147 but if they don't fit on one line they're written as: 148<programlisting> 149{ arg1, arg2, arg3 150, arg4, ... 151, # Some comment... 152 argN 153}: 154</programlisting> 155 </para> 156 </listitem> 157 <listitem> 158 <para> 159 Functions should list their expected arguments as precisely as possible. 160 That is, write 161<programlisting> 162{ stdenv, fetchurl, perl }: <replaceable>...</replaceable> 163</programlisting> 164 instead of 165<programlisting> 166args: with args; <replaceable>...</replaceable> 167</programlisting> 168 or 169<programlisting> 170{ stdenv, fetchurl, perl, ... }: <replaceable>...</replaceable> 171</programlisting> 172 </para> 173 <para> 174 For functions that are truly generic in the number of arguments (such as 175 wrappers around <varname>mkDerivation</varname>) that have some required 176 arguments, you should write them using an <literal>@</literal>-pattern: 177<programlisting> 178{ stdenv, doCoverageAnalysis ? false, ... } @ args: 179 180stdenv.mkDerivation (args // { 181 <replaceable>...</replaceable> if doCoverageAnalysis then "bla" else "" <replaceable>...</replaceable> 182}) 183</programlisting> 184 instead of 185<programlisting> 186args: 187 188args.stdenv.mkDerivation (args // { 189 <replaceable>...</replaceable> if args ? doCoverageAnalysis &amp;&amp; args.doCoverageAnalysis then "bla" else "" <replaceable>...</replaceable> 190}) 191</programlisting> 192 </para> 193 </listitem> 194 </itemizedlist> 195 </section> 196 <section xml:id="sec-package-naming"> 197 <title>Package naming</title> 198 199 <para> 200 The key words 201 <emphasis>must</emphasis>, 202 <emphasis>must not</emphasis>, 203 <emphasis>required</emphasis>, 204 <emphasis>shall</emphasis>, 205 <emphasis>shall not</emphasis>, 206 <emphasis>should</emphasis>, 207 <emphasis>should not</emphasis>, 208 <emphasis>recommended</emphasis>, 209 <emphasis>may</emphasis>, 210 and <emphasis>optional</emphasis> in this section 211 are to be interpreted as described in 212 <link xlink:href="https://tools.ietf.org/html/rfc2119">RFC 2119</link>. 213 Only <emphasis>emphasized</emphasis> words are to be interpreted in this way. 214 </para> 215 216 <para> 217 In Nixpkgs, there are generally three different names associated with a 218 package: 219 <itemizedlist> 220 <listitem> 221 <para> 222 The <varname>name</varname> attribute of the derivation (excluding the 223 version part). This is what most users see, in particular when using 224 <command>nix-env</command>. 225 </para> 226 </listitem> 227 <listitem> 228 <para> 229 The variable name used for the instantiated package in 230 <filename>all-packages.nix</filename>, and when passing it as a 231 dependency to other functions. Typically this is called the 232 <emphasis>package attribute name</emphasis>. This is what Nix expression 233 authors see. It can also be used when installing using <command>nix-env 234 -iA</command>. 235 </para> 236 </listitem> 237 <listitem> 238 <para> 239 The filename for (the directory containing) the Nix expression. 240 </para> 241 </listitem> 242 </itemizedlist> 243 Most of the time, these are the same. For instance, the package 244 <literal>e2fsprogs</literal> has a <varname>name</varname> attribute 245 <literal>"e2fsprogs-<replaceable>version</replaceable>"</literal>, is bound 246 to the variable name <varname>e2fsprogs</varname> in 247 <filename>all-packages.nix</filename>, and the Nix expression is in 248 <filename>pkgs/os-specific/linux/e2fsprogs/default.nix</filename>. 249 </para> 250 251 <para> 252 There are a few naming guidelines: 253 <itemizedlist> 254 <listitem> 255 <para> 256 The <literal>name</literal> attribute <emphasis>should</emphasis> 257 be identical to the upstream package name. 258 </para> 259 </listitem> 260 <listitem> 261 <para> 262 The <literal>name</literal> attribute <emphasis>must not</emphasis> 263 contain uppercase letters — e.g., <literal>"mplayer-1.0rc2"</literal> 264 instead of <literal>"MPlayer-1.0rc2"</literal>. 265 </para> 266 </listitem> 267 <listitem> 268 <para> 269 The version part of the <literal>name</literal> attribute 270 <emphasis>must</emphasis> start with a digit (following a dash) — e.g., 271 <literal>"hello-0.3.1rc2"</literal>. 272 </para> 273 </listitem> 274 <listitem> 275 <para> 276 If a package is not a release but a commit from a repository, then the 277 version part of the name <emphasis>must</emphasis> be the date of that 278 (fetched) commit. The date <emphasis>must</emphasis> be in <literal>"YYYY-MM-DD"</literal> 279 format. Also append <literal>"unstable"</literal> to the name - e.g., 280 <literal>"pkgname-unstable-2014-09-23"</literal>. 281 </para> 282 </listitem> 283 <listitem> 284 <para> 285 Dashes in the package name <emphasis>should</emphasis> be preserved in new variable names, 286 rather than converted to underscores or camel cased — e.g., 287 <varname>http-parser</varname> instead of <varname>http_parser</varname> 288 or <varname>httpParser</varname>. The hyphenated style is preferred in 289 all three package names. 290 </para> 291 </listitem> 292 <listitem> 293 <para> 294 If there are multiple versions of a package, this <emphasis>should</emphasis> be reflected in 295 the variable names in <filename>all-packages.nix</filename>, e.g. 296 <varname>json-c-0-9</varname> and <varname>json-c-0-11</varname>. If 297 there is an obvious “default” version, make an attribute like 298 <literal>json-c = json-c-0-9;</literal>. See also 299 <xref linkend="sec-versioning" /> 300 </para> 301 </listitem> 302 </itemizedlist> 303 </para> 304 </section> 305 <section xml:id="sec-organisation"> 306 <title>File naming and organisation</title> 307 308 <para> 309 Names of files and directories should be in lowercase, with dashes between 310 words — not in camel case. For instance, it should be 311 <filename>all-packages.nix</filename>, not 312 <filename>allPackages.nix</filename> or 313 <filename>AllPackages.nix</filename>. 314 </para> 315 316 <section xml:id="sec-hierarchy"> 317 <title>Hierarchy</title> 318 319 <para> 320 Each package should be stored in its own directory somewhere in the 321 <filename>pkgs/</filename> tree, i.e. in 322 <filename>pkgs/<replaceable>category</replaceable>/<replaceable>subcategory</replaceable>/<replaceable>...</replaceable>/<replaceable>pkgname</replaceable></filename>. 323 Below are some rules for picking the right category for a package. Many 324 packages fall under several categories; what matters is the 325 <emphasis>primary</emphasis> purpose of a package. For example, the 326 <literal>libxml2</literal> package builds both a library and some tools; 327 but it’s a library foremost, so it goes under 328 <filename>pkgs/development/libraries</filename>. 329 </para> 330 331 <para> 332 When in doubt, consider refactoring the <filename>pkgs/</filename> tree, 333 e.g. creating new categories or splitting up an existing category. 334 </para> 335 336 <variablelist> 337 <varlistentry> 338 <term> 339 If it’s used to support <emphasis>software development</emphasis>: 340 </term> 341 <listitem> 342 <variablelist> 343 <varlistentry> 344 <term> 345 If it’s a <emphasis>library</emphasis> used by other packages: 346 </term> 347 <listitem> 348 <para> 349 <filename>development/libraries</filename> (e.g. 350 <filename>libxml2</filename>) 351 </para> 352 </listitem> 353 </varlistentry> 354 <varlistentry> 355 <term> 356 If it’s a <emphasis>compiler</emphasis>: 357 </term> 358 <listitem> 359 <para> 360 <filename>development/compilers</filename> (e.g. 361 <filename>gcc</filename>) 362 </para> 363 </listitem> 364 </varlistentry> 365 <varlistentry> 366 <term> 367 If it’s an <emphasis>interpreter</emphasis>: 368 </term> 369 <listitem> 370 <para> 371 <filename>development/interpreters</filename> (e.g. 372 <filename>guile</filename>) 373 </para> 374 </listitem> 375 </varlistentry> 376 <varlistentry> 377 <term> 378 If it’s a (set of) development <emphasis>tool(s)</emphasis>: 379 </term> 380 <listitem> 381 <variablelist> 382 <varlistentry> 383 <term> 384 If it’s a <emphasis>parser generator</emphasis> (including lexers): 385 </term> 386 <listitem> 387 <para> 388 <filename>development/tools/parsing</filename> (e.g. 389 <filename>bison</filename>, <filename>flex</filename>) 390 </para> 391 </listitem> 392 </varlistentry> 393 <varlistentry> 394 <term> 395 If it’s a <emphasis>build manager</emphasis>: 396 </term> 397 <listitem> 398 <para> 399 <filename>development/tools/build-managers</filename> (e.g. 400 <filename>gnumake</filename>) 401 </para> 402 </listitem> 403 </varlistentry> 404 <varlistentry> 405 <term> 406 Else: 407 </term> 408 <listitem> 409 <para> 410 <filename>development/tools/misc</filename> (e.g. 411 <filename>binutils</filename>) 412 </para> 413 </listitem> 414 </varlistentry> 415 </variablelist> 416 </listitem> 417 </varlistentry> 418 <varlistentry> 419 <term> 420 Else: 421 </term> 422 <listitem> 423 <para> 424 <filename>development/misc</filename> 425 </para> 426 </listitem> 427 </varlistentry> 428 </variablelist> 429 </listitem> 430 </varlistentry> 431 <varlistentry> 432 <term> 433 If it’s a (set of) <emphasis>tool(s)</emphasis>: 434 </term> 435 <listitem> 436 <para> 437 (A tool is a relatively small program, especially one intended to be 438 used non-interactively.) 439 </para> 440 <variablelist> 441 <varlistentry> 442 <term> 443 If it’s for <emphasis>networking</emphasis>: 444 </term> 445 <listitem> 446 <para> 447 <filename>tools/networking</filename> (e.g. 448 <filename>wget</filename>) 449 </para> 450 </listitem> 451 </varlistentry> 452 <varlistentry> 453 <term> 454 If it’s for <emphasis>text processing</emphasis>: 455 </term> 456 <listitem> 457 <para> 458 <filename>tools/text</filename> (e.g. <filename>diffutils</filename>) 459 </para> 460 </listitem> 461 </varlistentry> 462 <varlistentry> 463 <term> 464 If it’s a <emphasis>system utility</emphasis>, i.e., something related or essential to the operation of a system: 465 </term> 466 <listitem> 467 <para> 468 <filename>tools/system</filename> (e.g. <filename>cron</filename>) 469 </para> 470 </listitem> 471 </varlistentry> 472 <varlistentry> 473 <term> 474 If it’s an <emphasis>archiver</emphasis> (which may include a compression function): 475 </term> 476 <listitem> 477 <para> 478 <filename>tools/archivers</filename> (e.g. <filename>zip</filename>, 479 <filename>tar</filename>) 480 </para> 481 </listitem> 482 </varlistentry> 483 <varlistentry> 484 <term> 485 If it’s a <emphasis>compression</emphasis> program: 486 </term> 487 <listitem> 488 <para> 489 <filename>tools/compression</filename> (e.g. 490 <filename>gzip</filename>, <filename>bzip2</filename>) 491 </para> 492 </listitem> 493 </varlistentry> 494 <varlistentry> 495 <term> 496 If it’s a <emphasis>security</emphasis>-related program: 497 </term> 498 <listitem> 499 <para> 500 <filename>tools/security</filename> (e.g. <filename>nmap</filename>, 501 <filename>gnupg</filename>) 502 </para> 503 </listitem> 504 </varlistentry> 505 <varlistentry> 506 <term> 507 Else: 508 </term> 509 <listitem> 510 <para> 511 <filename>tools/misc</filename> 512 </para> 513 </listitem> 514 </varlistentry> 515 </variablelist> 516 </listitem> 517 </varlistentry> 518 <varlistentry> 519 <term> 520 If it’s a <emphasis>shell</emphasis>: 521 </term> 522 <listitem> 523 <para> 524 <filename>shells</filename> (e.g. <filename>bash</filename>) 525 </para> 526 </listitem> 527 </varlistentry> 528 <varlistentry> 529 <term> 530 If it’s a <emphasis>server</emphasis>: 531 </term> 532 <listitem> 533 <variablelist> 534 <varlistentry> 535 <term> 536 If it’s a web server: 537 </term> 538 <listitem> 539 <para> 540 <filename>servers/http</filename> (e.g. 541 <filename>apache-httpd</filename>) 542 </para> 543 </listitem> 544 </varlistentry> 545 <varlistentry> 546 <term> 547 If it’s an implementation of the X Windowing System: 548 </term> 549 <listitem> 550 <para> 551 <filename>servers/x11</filename> (e.g. <filename>xorg</filename> 552 this includes the client libraries and programs) 553 </para> 554 </listitem> 555 </varlistentry> 556 <varlistentry> 557 <term> 558 Else: 559 </term> 560 <listitem> 561 <para> 562 <filename>servers/misc</filename> 563 </para> 564 </listitem> 565 </varlistentry> 566 </variablelist> 567 </listitem> 568 </varlistentry> 569 <varlistentry> 570 <term> 571 If it’s a <emphasis>desktop environment</emphasis>: 572 </term> 573 <listitem> 574 <para> 575 <filename>desktops</filename> (e.g. <filename>kde</filename>, 576 <filename>gnome</filename>, <filename>enlightenment</filename>) 577 </para> 578 </listitem> 579 </varlistentry> 580 <varlistentry> 581 <term> 582 If it’s a <emphasis>window manager</emphasis>: 583 </term> 584 <listitem> 585 <para> 586 <filename>applications/window-managers</filename> (e.g. 587 <filename>awesome</filename>, <filename>stumpwm</filename>) 588 </para> 589 </listitem> 590 </varlistentry> 591 <varlistentry> 592 <term> 593 If it’s an <emphasis>application</emphasis>: 594 </term> 595 <listitem> 596 <para> 597 A (typically large) program with a distinct user interface, primarily 598 used interactively. 599 </para> 600 <variablelist> 601 <varlistentry> 602 <term> 603 If it’s a <emphasis>version management system</emphasis>: 604 </term> 605 <listitem> 606 <para> 607 <filename>applications/version-management</filename> (e.g. 608 <filename>subversion</filename>) 609 </para> 610 </listitem> 611 </varlistentry> 612 <varlistentry> 613 <term> 614 If it’s for <emphasis>video playback / editing</emphasis>: 615 </term> 616 <listitem> 617 <para> 618 <filename>applications/video</filename> (e.g. 619 <filename>vlc</filename>) 620 </para> 621 </listitem> 622 </varlistentry> 623 <varlistentry> 624 <term> 625 If it’s for <emphasis>graphics viewing / editing</emphasis>: 626 </term> 627 <listitem> 628 <para> 629 <filename>applications/graphics</filename> (e.g. 630 <filename>gimp</filename>) 631 </para> 632 </listitem> 633 </varlistentry> 634 <varlistentry> 635 <term> 636 If it’s for <emphasis>networking</emphasis>: 637 </term> 638 <listitem> 639 <variablelist> 640 <varlistentry> 641 <term> 642 If it’s a <emphasis>mailreader</emphasis>: 643 </term> 644 <listitem> 645 <para> 646 <filename>applications/networking/mailreaders</filename> (e.g. 647 <filename>thunderbird</filename>) 648 </para> 649 </listitem> 650 </varlistentry> 651 <varlistentry> 652 <term> 653 If it’s a <emphasis>newsreader</emphasis>: 654 </term> 655 <listitem> 656 <para> 657 <filename>applications/networking/newsreaders</filename> (e.g. 658 <filename>pan</filename>) 659 </para> 660 </listitem> 661 </varlistentry> 662 <varlistentry> 663 <term> 664 If it’s a <emphasis>web browser</emphasis>: 665 </term> 666 <listitem> 667 <para> 668 <filename>applications/networking/browsers</filename> (e.g. 669 <filename>firefox</filename>) 670 </para> 671 </listitem> 672 </varlistentry> 673 <varlistentry> 674 <term> 675 Else: 676 </term> 677 <listitem> 678 <para> 679 <filename>applications/networking/misc</filename> 680 </para> 681 </listitem> 682 </varlistentry> 683 </variablelist> 684 </listitem> 685 </varlistentry> 686 <varlistentry> 687 <term> 688 Else: 689 </term> 690 <listitem> 691 <para> 692 <filename>applications/misc</filename> 693 </para> 694 </listitem> 695 </varlistentry> 696 </variablelist> 697 </listitem> 698 </varlistentry> 699 <varlistentry> 700 <term> 701 If it’s <emphasis>data</emphasis> (i.e., does not have a straight-forward executable semantics): 702 </term> 703 <listitem> 704 <variablelist> 705 <varlistentry> 706 <term> 707 If it’s a <emphasis>font</emphasis>: 708 </term> 709 <listitem> 710 <para> 711 <filename>data/fonts</filename> 712 </para> 713 </listitem> 714 </varlistentry> 715 <varlistentry> 716 <term> 717 If it’s related to <emphasis>SGML/XML processing</emphasis>: 718 </term> 719 <listitem> 720 <variablelist> 721 <varlistentry> 722 <term> 723 If it’s an <emphasis>XML DTD</emphasis>: 724 </term> 725 <listitem> 726 <para> 727 <filename>data/sgml+xml/schemas/xml-dtd</filename> (e.g. 728 <filename>docbook</filename>) 729 </para> 730 </listitem> 731 </varlistentry> 732 <varlistentry> 733 <term> 734 If it’s an <emphasis>XSLT stylesheet</emphasis>: 735 </term> 736 <listitem> 737 <para> 738 (Okay, these are executable...) 739 </para> 740 <para> 741 <filename>data/sgml+xml/stylesheets/xslt</filename> (e.g. 742 <filename>docbook-xsl</filename>) 743 </para> 744 </listitem> 745 </varlistentry> 746 </variablelist> 747 </listitem> 748 </varlistentry> 749 </variablelist> 750 </listitem> 751 </varlistentry> 752 <varlistentry> 753 <term> 754 If it’s a <emphasis>game</emphasis>: 755 </term> 756 <listitem> 757 <para> 758 <filename>games</filename> 759 </para> 760 </listitem> 761 </varlistentry> 762 <varlistentry> 763 <term> 764 Else: 765 </term> 766 <listitem> 767 <para> 768 <filename>misc</filename> 769 </para> 770 </listitem> 771 </varlistentry> 772 </variablelist> 773 </section> 774 775 <section xml:id="sec-versioning"> 776 <title>Versioning</title> 777 778 <para> 779 Because every version of a package in Nixpkgs creates a potential 780 maintenance burden, old versions of a package should not be kept unless 781 there is a good reason to do so. For instance, Nixpkgs contains several 782 versions of GCC because other packages don’t build with the latest 783 version of GCC. Other examples are having both the latest stable and latest 784 pre-release version of a package, or to keep several major releases of an 785 application that differ significantly in functionality. 786 </para> 787 788 <para> 789 If there is only one version of a package, its Nix expression should be 790 named <filename>e2fsprogs/default.nix</filename>. If there are multiple 791 versions, this should be reflected in the filename, e.g. 792 <filename>e2fsprogs/1.41.8.nix</filename> and 793 <filename>e2fsprogs/1.41.9.nix</filename>. The version in the filename 794 should leave out unnecessary detail. For instance, if we keep the latest 795 Firefox 2.0.x and 3.5.x versions in Nixpkgs, they should be named 796 <filename>firefox/2.0.nix</filename> and 797 <filename>firefox/3.5.nix</filename>, respectively (which, at a given 798 point, might contain versions <literal>2.0.0.20</literal> and 799 <literal>3.5.4</literal>). If a version requires many auxiliary files, you 800 can use a subdirectory for each version, e.g. 801 <filename>firefox/2.0/default.nix</filename> and 802 <filename>firefox/3.5/default.nix</filename>. 803 </para> 804 805 <para> 806 All versions of a package <emphasis>must</emphasis> be included in 807 <filename>all-packages.nix</filename> to make sure that they evaluate 808 correctly. 809 </para> 810 </section> 811 </section> 812 <section xml:id="sec-sources"> 813 <title>Fetching Sources</title> 814 815 <para> 816 There are multiple ways to fetch a package source in nixpkgs. The general 817 guideline is that you should package reproducible sources with a high degree of 818 availability. Right now there is only one fetcher which has mirroring 819 support and that is <literal>fetchurl</literal>. Note that you should also 820 prefer protocols which have a corresponding proxy environment variable. 821 </para> 822 823 <para> 824 You can find many source fetch helpers in 825 <literal>pkgs/build-support/fetch*</literal>. 826 </para> 827 828 <para> 829 In the file <literal>pkgs/top-level/all-packages.nix</literal> you can find 830 fetch helpers, these have names on the form <literal>fetchFrom*</literal>. 831 The intention of these are to provide snapshot fetches but using the same 832 api as some of the version controlled fetchers from 833 <literal>pkgs/build-support/</literal>. As an example going from bad to 834 good: 835 <itemizedlist> 836 <listitem> 837 <para> 838 Bad: Uses <literal>git://</literal> which won't be proxied. 839<programlisting> 840src = fetchgit { 841 url = "git://github.com/NixOS/nix.git"; 842 rev = "1f795f9f44607cc5bec70d1300150bfefcef2aae"; 843 sha256 = "1cw5fszffl5pkpa6s6wjnkiv6lm5k618s32sp60kvmvpy7a2v9kg"; 844} 845</programlisting> 846 </para> 847 </listitem> 848 <listitem> 849 <para> 850 Better: This is ok, but an archive fetch will still be faster. 851<programlisting> 852src = fetchgit { 853 url = "https://github.com/NixOS/nix.git"; 854 rev = "1f795f9f44607cc5bec70d1300150bfefcef2aae"; 855 sha256 = "1cw5fszffl5pkpa6s6wjnkiv6lm5k618s32sp60kvmvpy7a2v9kg"; 856} 857</programlisting> 858 </para> 859 </listitem> 860 <listitem> 861 <para> 862 Best: Fetches a snapshot archive and you get the rev you want. 863<programlisting> 864src = fetchFromGitHub { 865 owner = "NixOS"; 866 repo = "nix"; 867 rev = "1f795f9f44607cc5bec70d1300150bfefcef2aae"; 868 sha256 = "1i2yxndxb6yc9l6c99pypbd92lfq5aac4klq7y2v93c9qvx2cgpc"; 869} 870</programlisting> 871 Find the value to put as <literal>sha256</literal> by running 872 <literal>nix run -f '&lt;nixpkgs&gt;' nix-prefetch-github -c nix-prefetch-github --rev 1f795f9f44607cc5bec70d1300150bfefcef2aae NixOS nix</literal> 873 or <literal>nix-prefetch-url --unpack https://github.com/NixOS/nix/archive/1f795f9f44607cc5bec70d1300150bfefcef2aae.tar.gz</literal>. 874 </para> 875 </listitem> 876 </itemizedlist> 877 </para> 878 </section> 879 <section xml:id="sec-source-hashes"> 880 <title>Obtaining source hash</title> 881 882 <para> 883 Preferred source hash type is sha256. There are several ways to get it. 884 </para> 885 886 <orderedlist> 887 <listitem> 888 <para> 889 Prefetch URL (with <literal>nix-prefetch-<replaceable>XXX</replaceable> 890 <replaceable>URL</replaceable></literal>, where 891 <replaceable>XXX</replaceable> is one of <literal>url</literal>, 892 <literal>git</literal>, <literal>hg</literal>, <literal>cvs</literal>, 893 <literal>bzr</literal>, <literal>svn</literal>). Hash is printed to 894 stdout. 895 </para> 896 </listitem> 897 <listitem> 898 <para> 899 Prefetch by package source (with <literal>nix-prefetch-url 900 '&lt;nixpkgs&gt;' -A <replaceable>PACKAGE</replaceable>.src</literal>, 901 where <replaceable>PACKAGE</replaceable> is package attribute name). Hash 902 is printed to stdout. 903 </para> 904 <para> 905 This works well when you've upgraded existing package version and want to 906 find out new hash, but is useless if package can't be accessed by 907 attribute or package has multiple sources (<literal>.srcs</literal>, 908 architecture-dependent sources, etc). 909 </para> 910 </listitem> 911 <listitem> 912 <para> 913 Upstream provided hash: use it when upstream provides 914 <literal>sha256</literal> or <literal>sha512</literal> (when upstream 915 provides <literal>md5</literal>, don't use it, compute 916 <literal>sha256</literal> instead). 917 </para> 918 <para> 919 A little nuance is that <literal>nix-prefetch-*</literal> tools produce 920 hash encoded with <literal>base32</literal>, but upstream usually provides 921 hexadecimal (<literal>base16</literal>) encoding. Fetchers understand both 922 formats. Nixpkgs does not standardize on any one format. 923 </para> 924 <para> 925 You can convert between formats with nix-hash, for example: 926<screen> 927$ nix-hash --type sha256 --to-base32 <replaceable>HASH</replaceable> 928</screen> 929 </para> 930 </listitem> 931 <listitem> 932 <para> 933 Extracting hash from local source tarball can be done with 934 <literal>sha256sum</literal>. Use <literal>nix-prefetch-url 935 file:///path/to/tarball </literal> if you want base32 hash. 936 </para> 937 </listitem> 938 <listitem> 939 <para> 940 Fake hash: set fake hash in package expression, perform build and extract 941 correct hash from error Nix prints. 942 </para> 943 <para> 944 For package updates it is enough to change one symbol to make hash fake. 945 For new packages, you can use <literal>lib.fakeSha256</literal>, 946 <literal>lib.fakeSha512</literal> or any other fake hash. 947 </para> 948 <para> 949 This is last resort method when reconstructing source URL is non-trivial 950 and <literal>nix-prefetch-url -A</literal> isn't applicable (for example, 951 <link xlink:href="https://github.com/NixOS/nixpkgs/blob/d2ab091dd308b99e4912b805a5eb088dd536adb9/pkgs/applications/video/kodi/default.nix#L73"> 952 one of <literal>kodi</literal> dependencies</link>). The easiest way then 953 would be replace hash with a fake one and rebuild. Nix build will fail and 954 error message will contain desired hash. 955 </para> 956 <warning><para>This method has security problems. Check below for details.</para></warning> 957 </listitem> 958 </orderedlist> 959 960 <section xml:id="sec-source-hashes-security"> 961 <title>Obtaining hashes securely</title> 962 <para> 963 Let's say Man-in-the-Middle (MITM) sits close to your network. Then instead of fetching 964 source you can fetch malware, and instead of source hash you get hash of malware. Here are 965 security considerations for this scenario: 966 </para> 967 <itemizedlist> 968 <listitem> 969 <para> 970 <literal>http://</literal> URLs are not secure to prefetch hash from; 971 </para> 972 </listitem> 973 <listitem> 974 <para> 975 hashes from upstream (in method 3) should be obtained via secure protocol; 976 </para> 977 </listitem> 978 <listitem> 979 <para> 980 <literal>https://</literal> URLs are secure in methods 1, 2, 3; 981 </para> 982 </listitem> 983 <listitem> 984 <para> 985 <literal>https://</literal> URLs are not secure in method 5. When obtaining hashes 986 with fake hash method, TLS checks are disabled. So 987 refetch source hash from several different networks to exclude MITM scenario. 988 Alternatively, use fake hash method to make Nix error, but instead of extracting 989 hash from error, extract <literal>https://</literal> URL and prefetch it 990 with method 1. 991 </para> 992 </listitem> 993 </itemizedlist> 994 </section> 995 </section> 996 <section xml:id="sec-patches"> 997 <title>Patches</title> 998 999 <para> 1000 Patches available online should be retrieved using 1001 <literal>fetchpatch</literal>. 1002 </para> 1003 1004 <para> 1005<programlisting> 1006patches = [ 1007 (fetchpatch { 1008 name = "fix-check-for-using-shared-freetype-lib.patch"; 1009 url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=8f5d285"; 1010 sha256 = "1f0k043rng7f0rfl9hhb89qzvvksqmkrikmm38p61yfx51l325xr"; 1011 }) 1012]; 1013</programlisting> 1014 </para> 1015 1016 <para> 1017 Otherwise, you can add a <literal>.patch</literal> file to the 1018 <literal>nixpkgs</literal> repository. In the interest of keeping our 1019 maintenance burden to a minimum, only patches that are unique to 1020 <literal>nixpkgs</literal> should be added in this way. 1021 </para> 1022 1023 <para> 1024<programlisting> 1025patches = [ ./0001-changes.patch ]; 1026</programlisting> 1027 </para> 1028 1029 <para> 1030 If you do need to do create this sort of patch file, one way to do so is 1031 with git: 1032 <orderedlist> 1033 <listitem> 1034 <para> 1035 Move to the root directory of the source code you're patching. 1036<screen> 1037$ cd the/program/source</screen> 1038 </para> 1039 </listitem> 1040 <listitem> 1041 <para> 1042 If a git repository is not already present, create one and stage all of 1043 the source files. 1044<screen> 1045$ git init 1046$ git add .</screen> 1047 </para> 1048 </listitem> 1049 <listitem> 1050 <para> 1051 Edit some files to make whatever changes need to be included in the 1052 patch. 1053 </para> 1054 </listitem> 1055 <listitem> 1056 <para> 1057 Use git to create a diff, and pipe the output to a patch file: 1058<screen> 1059$ git diff > nixpkgs/pkgs/the/package/0001-changes.patch</screen> 1060 </para> 1061 </listitem> 1062 </orderedlist> 1063 </para> 1064 </section> 1065</chapter>