microsoft/openvmm
PublicGuide/src/dev_guide/dev_tools/flowey/nix.md
31lines · modecode
| 1 | # Nix |
| 2 | |
| 3 | In order to enable reproducible builds, experimental flowey features are being built to utilize the [Nix package manager](https://nixos.org/) for dependency management and environment isolation. |
| 4 | The root of the nix configuration lives in `shell.nix`. If you're unsure where the Nix definition is for a dependency, you should be able to track it down from there. |
| 5 | |
| 6 | ## Updating Nix Packages |
| 7 | |
| 8 | Nix dependencies require a hash of their contents to ensure integrity and reproducibility. When updating a dependency, you'll need to update the release that's being pulled and its corresponding hash. |
| 9 | |
| 10 | For instance, let's say we have a new release of the OpenHCL Kernel and we want to update it in our Nix configuration: |
| 11 | |
| 12 | 1. Go to the corresponding `.nix` file (in this case, `openhcl_kernel.nix`) |
| 13 | 2. Clear the hash to an empty string |
| 14 | 3. Update the version |
| 15 | 4. Run `nix-shell --pure` and use the printed error to get the new hash |
| 16 | |
| 17 | > **Warning:** Because Nix caches dependencies based on the hash, if you don't clear the hash to an empty string before updating the version, `nix-shell --pure` will run without error even though the dependency hasn't actually been updated. |
| 18 | |
| 19 | Here's an example of what the error will look like when done correctly: |
| 20 | |
| 21 | ```bash |
| 22 | error: hash mismatch in fixed-output derivation '/nix/store/cc7hhyslx1dnw01nmjx11zqim2l50awp-source.drv': |
| 23 | specified: sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= |
| 24 | got: sha256-wUDWFazJM80oztKqpuRwj8Wvto2Uo/OuVGvhpszIw+A= |
| 25 | error: Cannot build '/nix/store/spg5vbm6mzmsxpg5v2ibg97qrz8khc70-openhcl-kernel-x64-6.12.52.4.drv'. |
| 26 | Reason: 1 dependency failed. |
| 27 | Output paths: |
| 28 | /nix/store/kv8s7pld70yvzxzd77swz9hb3pygkrhl-openhcl-kernel-x64-6.12.52.4 |
| 29 | ``` |
| 30 | |
| 31 | Given this error, you would update the corresponding hash to `sha256-An1N76i1MPb+rrQ1nBpoiuxnNeD0E+VuwqXdkPzaZn0=` in the `openhcl_kernel.nix` file. |
| 32 | |