Nix: How do I create static caches using nix 2.0 in the same way nix-push did?

Created on 29 Apr 2018 · 5 Comments · Source: NixOS/nix

Previously, I used a command like:

nix-push --dest "$TMPDIR" --key-file ~/.reflex-platform/ryantrinkle.com-1 "$derivation"

to push a derivation and its dependencies to a temp directory, which I then synced to AWS S3.

While the docs say "The command nix-push has been removed as part of the effort to eliminate Nix's dependency on Perl. You can use nix copy instead, e.g. nix copy --to file:///tmp/my-binary-cache paths…", I haven't been able to determine how to do this (after asking on #nixos).

How can I reproduce the original functionality of nix-push? In particular, the things that seem different are:

  • It produced nars and narinfos, not a new nix store
  • It signed things on the fly, rather than using signatures in the store

All 5 comments

nix sign-paths -k ~/.reflex-platform/ryantrinkle.com-1 "$derivation"
nix copy --to "file://$TMPDIR" "$derivation"

Note the file: scheme in the URL, which differentiates between a flat-file binary cache and a chroot store.

EDIT: This doesn't answer the "sign on the fly" part of the question. Do you actually have a reason not to keep the signatures in the store?

It would probably be nice if nix copy had a flag to add new signatures.

You can do the signing in the file:// afterwards.

$ nix copy --to "file://$TMPDIR" "$derivation"
$ nix sign-paths --store "file://$TMPDIR" -k ~/.reflex-platform/ryantrinkle.com-1 "$derivation" -r

Note that I added -r, which will make sure to sign recursively.

EDIT: Fixed code
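
A check to run on the cache directory after the `nix sign-paths --store "file://$TMPDIR"` step in the comment above and before syncing to S3, written as an added example (not code from the thread or from the Nix project): it lists every `.narinfo` that lacks a `Sig:` line from the expected key name. It assumes the flat-file layout with `.narinfo` files at the top of the cache directory; the function name `unsigned_narinfos` and the key name passed to it are illustrative, and it checks only that a signature line is present, not that the signature verifies.

```shell
#!/bin/sh
# Added example: report narinfo files in a flat-file binary cache that carry
# no "Sig:" line from the expected signing key name.
#
# Usage: unsigned_narinfos CACHE_DIR KEY_NAME
#   CACHE_DIR  directory written by `nix copy --to file://...`
#   KEY_NAME   name part of the signing key (the text before the first ":"
#              in the key file); the caller supplies it, nothing is assumed.
# Prints one path per narinfo lacking that signature.
# Returns 0 if every narinfo is signed, 1 if any is not,
# and 2 if the directory contains no narinfo files at all.
unsigned_narinfos() {
    cache_dir=$1
    key_name=$2
    found=0
    missing=0
    for f in "$cache_dir"/*.narinfo; do
        [ -e "$f" ] || continue          # glob matched nothing
        found=1
        # A narinfo may hold several "Sig: <keyname>:<base64>" lines,
        # one per key that signed the path; accept a match on any of them.
        if ! awk -v want="$key_name" '
                $1 == "Sig:" {
                    i = index($2, ":")
                    if (i > 1 && substr($2, 1, i - 1) == want && length($2) > i)
                        ok = 1
                }
                END { exit !ok }' "$f"; then
            printf '%s\n' "$f"
            missing=1
        fi
    done
    [ "$found" -eq 1 ] || return 2
    return "$missing"
}
```

A non-zero return is the signal to stop before the sync, since a client that requires signatures will refuse paths whose narinfo has none from a key it trusts.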

Adding this here for discoverability. (This confused me a lot.) The "file://" part of "nix copy --to file:// ..." is very important. Without it you get this

nix-build foo.nix
nix copy --to /tmp/test-binary-cache ./result
error: cannot add path '/nix/store/m21r56hnxs905qp82ymcgwc582qrqrj3-foo' because it lacks a valid signature

(Signing the path doesn't help.)

Latest Nix (still) does not run in constant memory for file:// binary caches, ref https://github.com/NixOS/nix/issues/2774. This forces me to use nix-1.x to create binary caches at work.
