Install Now
nix store make-content-addressable - rewrite a path or closure to content-addressed form
Contents
Description
This command converts the closure of the store paths specified by installables to content-addressed form.
Nix store paths are usually input-addressed, meaning that the hash part of the store path is computed
from the contents of the derivation (i.e., the build-time dependency graph). Input-addressed paths need
to be signed by a trusted key if you want to import them into a store, because we need to trust that the
contents of the path were actually built by the derivation.
By contrast, in a content-addressed path, the hash part is computed from the contents of the path. This
allows the contents of the path to be verified without any additional information such as signatures.
This means that a command like
# nix store build /nix/store/5skmmcb9svys5lj3kbsrjg7vf2irid63-hello-2.10 \
--substituters https://my-cache.example.org
will succeed even if the binary cache https://my-cache.example.org doesn’t present any signatures.
Examples
• Create a content-addressed representation of the closure of GNU Hello:
# nix store make-content-addressable -r nixpkgs#hello
…
rewrote '/nix/store/v5sv61sszx301i0x6xysaqzla09nksnd-hello-2.10' to '/nix/store/5skmmcb9svys5lj3kbsrjg7vf2irid63-hello-2.10'
Since the resulting paths are content-addressed, they are always trusted and don’t need signatures
to copied to another store:
# nix copy --to /tmp/nix --trusted-public-keys '' /nix/store/5skmmcb9svys5lj3kbsrjg7vf2irid63-hello-2.10
By contrast, the original closure is input-addressed, so it does need signatures to be trusted:
# nix copy --to /tmp/nix --trusted-public-keys '' nixpkgs#hello
cannot add path '/nix/store/zy9wbxwcygrwnh8n2w9qbbcr6zk87m26-libunistring-0.9.10' because it lacks a valid signature
• Create a content-addressed representation of the current NixOS system closure:
# nix store make-content-addressable -r /run/current-system
Name
nix store make-content-addressable - rewrite a path or closure to content-addressed form
Options
• --json
Produce output in JSON format, suitable for consumption by another program.
Commonevaluationoptions:
• --arg nameexpr
Pass the value expr as the argument name to Nix functions.
• --argstr namestring
Pass the string string as the argument name to Nix functions.
• --eval-store store-url
The Nix store to use for evaluations.
• --impure
Allow access to mutable paths and repositories.
• --include / -I path
Add path to the list of locations used to look up <...> file names.
• --override-flake original-refresolved-ref
Override the flake registries, redirecting original-ref to resolved-ref.
Commonflake-relatedoptions:
• --commit-lock-file
Commit changes to the flake’s lock file.
• --inputs-from flake-url
Use the inputs of the specified flake as registry entries.
• --no-registries
Don’t allow lookups in the flake registries. This option is deprecated; use --no-use-registries.
• --no-update-lock-file
Do not allow any updates to the flake’s lock file.
• --no-write-lock-file
Do not write the flake’s newly generated lock file.
• --override-input input-pathflake-url
Override a specific flake input (e.g. dwarffs/nixpkgs). This implies --no-write-lock-file.
• --recreate-lock-file
Recreate the flake’s lock file from scratch.
• --update-input input-path
Update a specific flake input (ignoring its previous entry in the lock file).
Optionsthatchangetheinterpretationofinstallables:
• --all
Apply the operation to every store path.
• --derivation
Operate on the store derivation rather than its outputs.
• --expr expr
Interpret installables as attribute paths relative to the Nix expression expr.
• --file / -f file
Interpret installables as attribute paths relative to the Nix expression stored in file.
• --recursive / -r
Apply operation to closure of the specified paths.
nix3-store-make-content-addressable(1)
Synopsis
nix store make-content-addressable [option…] installables…
PNG Icons
Emojis