<?xml version="1.0" encoding="utf-8"?> <chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="chap-installation"> <title>Installation</title> <section><title>Obtaining Nix</title> <para>The easiest way to obtain Nix is to download a <link xlink:href="http://www.cs.uu.nl/groups/ST/Trace/Nix">source distribution</link>. RPMs for Red Hat, SuSE, and Fedora Core are also available.</para> <para>Alternatively, the most recent sources of Nix can be obtained from its <link xlink:href="https://svn.cs.uu.nl:12443/repos/trace/nix/trunk">Subversion repository</link>. For example, the following command will check out the latest revision into a directory called <filename>nix</filename>:</para> <screen> $ svn checkout https://svn.cs.uu.nl:12443/repos/trace/nix/trunk nix</screen> <para>Likewise, specific releases can be obtained from the <link xlink:href="https://svn.cs.uu.nl:12443/repos/trace/nix/tags">tags directory</link> of the repository. If you don't have Subversion, you can also download an automatically generated <link xlink:href="https://svn.cs.uu.nl:12443/dist/trace/">compressed tar-file</link> of the head revision of the trunk.</para> </section> <section><title>Prerequisites</title> <para><emphasis>The following prerequisites only apply when you build from source</emphasis>. Binary releases (e.g., RPMs) have no prerequisites.</para> <para>A fairly recent version of GCC/G++ is required. Version 2.95 and higher should work.</para> <para>To build this manual and the man-pages you need the <command>xmllint</command> and <command>xsltproc</command> programs, which are part of the <literal>libxml2</literal> and <literal>libxslt</literal> packages, respectively. You also need the <link xlink:href="http://docbook.sourceforge.net/projects/xsl/">DocBook XSL stylesheets</link> and optionally the <link xlink:href="http://www.docbook.org/schemas/5x"> DocBook 5.0 RELAX NG schemas</link>. Note that these are only required if you modify the manual sources or when you are building from the Subversion repository.</para> <para>To build the parser, very <emphasis>recent</emphasis> versions of Bison and Flex are required. (This is because Nix needs GLR support in Bison and reentrancy support in Flex.) For Bison, you need version 1.875c or higher (1.875 does <emphasis>not</emphasis> work), which can be obtained from the <link xlink:href="ftp://alpha.gnu.org/pub/gnu/bison">GNU FTP server</link>. For Flex, you need version 2.5.31, which is available on <link xlink:href="http://lex.sourceforge.net/">SourceForge</link>. Slightly older versions may also work, but ancient versions like the ubiquitous 2.5.4a won't. Note that these are only required if you modify the parser or when you are building from the Subversion repository.</para> <para>Nix uses Sleepycat's Berkeley DB and CWI's ATerm library. These are included in the Nix source distribution. If you build from the Subversion repository, you must download them yourself and place them in the <filename>externals/</filename> directory. See <filename>externals/Makefile.am</filename> for the precise URLs of these packages. Alternatively, if you already have them installed, you can use <command>configure</command>'s <option>--with-bdb</option> and <option>--with-aterm</option> options to point to their respective locations. Note that Berkeley DB <emphasis>must</emphasis> be version 4.4; other versions may not have compatible database formats.</para> </section> <section><title>Building Nix from source</title> <para>After unpacking or checking out the Nix sources, issue the following commands: </para> <screen> $ ./configure <replaceable>options...</replaceable> $ make $ make install</screen> <para>When building from the Subversion repository, these should be preceded by the command: </para> <screen> $ autoreconf -i</screen> <para>The installation path can be specified by passing the <option>--prefix=<replaceable>prefix</replaceable></option> to <command>configure</command>. The default installation directory is <filename>/nix</filename>. You can change this to any location you like. You must have write permission to the <replaceable>prefix</replaceable> path.</para> <warning><para>It is best <emphasis>not</emphasis> to change the installation prefix from its default, since doing so makes it impossible to use pre-built binaries from the standard Nixpkgs channels.</para></warning> <para>If you want to rebuilt the documentation, pass the full path to the DocBook RELAX NG schemas and to the DocBook XSL stylesheets using the <option>--with-docbook-rng=<replaceable>path</replaceable></option> and <option>--with-docbook-xsl=<replaceable>path</replaceable></option> options.</para> </section> <section><title>Installing from RPMs</title> <para>RPM packages of Nix can be downloaded from <uri xlink:href="http://www.cs.uu.nl/groups/ST/Trace/Nix">http://www.cs.uu.nl/groups/ST/Trace/Nix</uri>. These RPMs should work for most fairly recent releases of SuSE and Red Hat Linux. They have been known to work work on SuSE Linux 8.1 and 9.0, and Red Hat 9.0. In fact, it should work on any RPM-based Linux distribution based on <literal>glibc</literal> 2.3 or later.</para> <para>Once downloaded, the RPMs can be installed or upgraded using <command>rpm -U</command>. For example,</para> <screen> $ rpm -U nix-0.5pre664-1.i386.rpm</screen> <para>The RPMs install into the directory <filename>/nix</filename>. Nix can be uninstalled using <command>rpm -e nix</command>. After this it will be necessary to manually remove the Nix store and other auxiliary data:</para> <screen> $ rm -rf /nix/store $ rm -rf /nix/var</screen> </section> <section><title>Upgrading Nix through Nix</title> <para>You can install the latest stable version of Nix through Nix itself by subscribing to the channel <link xlink:href="http://nix.cs.uu.nl/dist/nix/channels-v3/nix-stable" />, or the latest unstable version by subscribing to the channel<link xlink:href="http://nix.cs.uu.nl/dist/nix/channels-v3/nix-unstable" />. You can also do a <link linkend="sec-one-click">one-click installation</link> by clicking on the package links at <link xlink:href="http://nix.cs.uu.nl/dist/nix/" />.</para> </section> <section><title>Permissions</title> <para>All Nix operations must be performed under the user ID that owns the Nix store and database (<filename><replaceable>prefix</replaceable>/store</filename> and <filename><replaceable>prefix</replaceable>/var/nix/db</filename>, respectively). When installed from the RPM packages, these directories are owned by <systemitem class="username">root</systemitem>.</para> <section><title>Setuid installation</title> <para>As a somewhat <emphasis>ad hoc</emphasis> hack, you can also install the Nix binaries <quote>setuid</quote> so that a Nix store can be shared among several users. To do this, configure Nix with the <emphasis>--enable-setuid</emphasis> option. Nix will be installed as owned by a user and group specified by the <option>--with-nix-user=</option><parameter>user</parameter> and <option>--with-nix-group=</option><parameter>group</parameter> options. E.g., <screen> $ ./configure --enable-setuid --with-nix-user=my_nix_user --with-nix-group=my_nix_group</screen> The user and group default to <literal>nix</literal>. You should make sure that both the user and the group exist. Any <quote>real</quote> users that you want to allow access should be added to the Nix group.</para> <warning><para>A setuid installation should only by used if the users in the Nix group are mutually trusted, since any user in that group has the ability to change anything in the Nix store or database. For instance, they could install a trojan horse in executables used by other users.</para></warning> <warning><para>On some platforms, the Nix binaries will be installed as setuid <literal>root</literal>. They drop root privileges immediately after startup and switch to the Nix user. The reason for this is that both the real and effective user must be set to the Nix user, and POSIX has no system call to do this. This is not the case on systems that have the <function>setresuid()</function> system call (such as Linux and FreeBSD), so on those systems the binaries are simply owned by the Nix user.</para></warning> <!-- warning: the nix-builders group should contain *only* the Nix builders, and nothing else. If the Nix account is compromised, you can execute programs under the accounts in the nix-builders group, so it obviously shouldn’t contain any “real” user accounts. So don’t use an existing group like <literal>users</literal> — just create a new one. --> </section> </section> <section><title>Using Nix</title> <para>To use Nix, some environment variables should be set. In particular, <envar>PATH</envar> should contain the directories <filename><replaceable>prefix</replaceable>/bin</filename> and <filename>~/.nix-profile/bin</filename>. The first directory contains the Nix tools themselves, while <filename>~/.nix-profile</filename> is a symbolic link to the current <emphasis>user environment</emphasis> (an automatically generated package consisting of symlinks to installed packages). The simplest way to set the required environment variables is to include the file <filename><replaceable>prefix</replaceable>/etc/profile.d/nix.sh</filename> in your <filename>~/.bashrc</filename> (or similar), like this:</para> <screen> source <replaceable>prefix</replaceable>/etc/profile.d/nix.sh</screen> </section> </chapter>