Manpages - nix3-store-make-content-addressed.1

Warning
This program is experimental and its interface is subject to change.

#+end_quote

Name

nix store make-content-addressed - rewrite a path or closure to content-addressed form

Synopsis

nix store make-content-addressed [/option/…] installables…

Examples

Create a content-addressed representation of the closure of GNU Hello:

# nix store make-content-addressed nixpkgs#hello
…
rewrote '/nix/store/v5sv61sszx301i0x6xysaqzla09nksnd-hello-2.10' to '/nix/store/5skmmcb9svys5lj3kbsrjg7vf2irid63-hello-2.10'

Since the resulting paths are content-addressed, they are always trusted and don't need signatures to copied to another store:

# nix copy --to /tmp/nix --trusted-public-keys '' /nix/store/5skmmcb9svys5lj3kbsrjg7vf2irid63-hello-2.10

By contrast, the original closure is input-addressed, so it does need signatures to be trusted:

# nix copy --to /tmp/nix --trusted-public-keys '' nixpkgs#hello
cannot add path '/nix/store/zy9wbxwcygrwnh8n2w9qbbcr6zk87m26-libunistring-0.9.10' because it lacks a signature by a trusted key

Create a content-addressed representation of the current NixOS system closure:

# nix store make-content-addressed /run/current-system

Description

This command converts the closure of the store paths specified by installables to content-addressed form.

Nix store paths are usually input-addressed, meaning that the hash part of the store path is computed from the contents of the derivation (i.e., the build-time dependency graph). Input-addressed paths need to be signed by a trusted key if you want to import them into a store, because we need to trust that the contents of the path were actually built by the derivation.

By contrast, in a content-addressed path, the hash part is computed from the contents of the path. This allows the contents of the path to be verified without any additional information such as signatures. This means that a command like

# nix store build /nix/store/5skmmcb9svys5lj3kbsrjg7vf2irid63-hello-2.10 \
    --substituters https://my-cache.example.org

will succeed even if the binary cache https://my-cache.example.org doesn't present any signatures.

Options

--from store-uri URL of the source Nix store.
--json Produce output in JSON format, suitable for consumption by another program.
--stdin Read installables from the standard input. No default installable applied.
--to store-uri URL of the destination Nix store.

Common evaluation options

--arg name expr Pass the value expr as the argument name to Nix functions.
--arg-from-file name path Pass the contents of file path as the argument name to Nix functions.
--arg-from-stdin name Pass the contents of stdin as the argument name to Nix functions.
--argstr name string Pass the string string as the argument name to Nix functions.
--debugger Start an interactive environment if evaluation fails.
--eval-store store-url The URL of the Nix store to use for evaluation, i.e. to store derivations (.drv files) and inputs referenced by them.
--impure Allow access to mutable paths and repositories.
--include / -I path Add path to search path entries used to resolve lookup paths This option may be given multiple times. Paths added through -I take precedence over the nix-path configuration setting and the NIX_PATH environment variable.
--override-flake original-ref resolved-ref Override the flake registries, redirecting original-ref to resolved-ref.

Common flake-related options

--commit-lock-file Commit changes to the flake's lock file.
--inputs-from flake-url Use the inputs of the specified flake as registry entries.
--no-registries

Don't allow lookups in the flake registries.

DEPRECATED

Use --no-use-registries instead.
--no-update-lock-file Do not allow any updates to the flake's lock file.
--no-write-lock-file Do not write the flake's newly generated lock file.
--output-lock-file flake-lock-path Write the given lock file instead of flake.lock within the top-level flake.
--override-input input-path flake-url Override a specific flake input (e.g. dwarffs/nixpkgs). This implies --no-write-lock-file.
--recreate-lock-file

Recreate the flake's lock file from scratch.

DEPRECATED

Use nix flake update instead.
--reference-lock-file flake-lock-path Read the given lock file instead of flake.lock within the top-level flake.
--update-input input-path

Update a specific flake input (ignoring its previous entry in the lock file).

DEPRECATED

Use nix flake update instead.

Logging-related options

--debug Set the logging verbosity level to ‘debug'.
--log-format format Set the format of log output; one of raw, internal-json, bar or bar-with-logs.
--print-build-logs / -L Print full build logs on standard error.
--quiet Decrease the logging verbosity level.
--verbose / -v Increase the logging verbosity level.

Miscellaneous global options

--help Show usage information.
--offline Disable substituters and consider all previously downloaded files up-to-date.
--option name value Set the Nix configuration setting name to value (overriding nix.conf).
--refresh Consider all previously downloaded files out-of-date.
--repair During evaluation, rewrite missing or corrupted files in the Nix store. During building, rebuild missing or corrupted store paths.
--version Show version information.

Options that change the interpretation of installables

--all Apply the operation to every store path.
--derivation Operate on the store derivation rather than its outputs.
--expr expr Interpret installables as attribute paths relative to the Nix expression expr.
--file / -f file Interpret installables as attribute paths relative to the Nix expression stored in file. If file is the character -, then a Nix expression will be read from standard input. Implies --impure.
--recursive / -r Apply operation to closure of the specified paths. Note See man nix.conf for overriding configuration settings with command line flags.