A review of Nix/NixOS after using it on all my machines for three years. I'll cover what works, what doesn't, and why it's the first OS that's stuck with me.
I’m not quite sure why you fetishise a bit-for-bit over semantic equivalence. Doesn’t it turn “it works on my machine” into "it works on my machine as long as it has this sha: … "?
I’m not quite sure why you think pointing out someone’s confidently incorrect claim that containers do give you reproducible environments means that I fetishsize anything?
I was quite happy to see that Debian and Arch have both made great strides into making tooling that enables reproducible packages in recent times. It’s probable that, because of efforts like this, creating reproducible builds will become easier/possible on most Linux environments, including traditional container workflows.
For now though, Nix Flakes are much better at enabling reproducible builds of your software than traditional containers, if you can suffer through Nix not being documented very well. This article covers some more details on different build systems and compares them with Nix Flakes if you want more concrete examples.
FWIW, I think that containers are awesome, and using them for dev environments and CI tooling solves a lot of very real problems (“it works on my machine”, cheap and easy cross-compilation for Linux systems, basic sandboxing, etc.) for people. I use containers for a lot of those reasons. But if I need to make something reproducible, there are better tools for the job.
You absolutely do. If you build a container and publish it you will pull down that exact thing every time. How is that not “reproducibility”?
You no what though? Scratch that - who gives a fuck? Bit-for-bit reproducibility takes far more effort than it’s worth anyway. Even NixOS isn’t completely reproducible. It’s a false goal.
For dev environments, repeatable is okay.
It’s well more than good enough you mean.
If you want actually reproducible binaries that you can ship, Nix is better fit for that purpose.
Care to elaborate? Containers give you repeatable environments, which are not the same thing as reproducible environments.
But for like 99% of development teams “repeatable” is Good Enough™.
So, containers do not get you reproducibility.
For dev environments, repeatable is okay. If you want actually reproducible binaries that you can ship, Nix is better fit for that purpose.
I’m not quite sure why you fetishise a bit-for-bit over semantic equivalence. Doesn’t it turn “it works on my machine” into "it works on my machine as long as it has this sha: … "?
I’m not quite sure why you think pointing out someone’s confidently incorrect claim that containers do give you reproducible environments means that I fetishsize anything?
But if you genuinely want to know why reproducibility is valuable, take a look at https://reproducible-builds.org/.
I was quite happy to see that Debian and Arch have both made great strides into making tooling that enables reproducible packages in recent times. It’s probable that, because of efforts like this, creating reproducible builds will become easier/possible on most Linux environments, including traditional container workflows.
For now though, Nix Flakes are much better at enabling reproducible builds of your software than traditional containers, if you can suffer through Nix not being documented very well. This article covers some more details on different build systems and compares them with Nix Flakes if you want more concrete examples.
FWIW, I think that containers are awesome, and using them for dev environments and CI tooling solves a lot of very real problems (“it works on my machine”, cheap and easy cross-compilation for Linux systems, basic sandboxing, etc.) for people. I use containers for a lot of those reasons. But if I need to make something reproducible, there are better tools for the job.
You absolutely do. If you build a container and publish it you will pull down that exact thing every time. How is that not “reproducibility”?
You no what though? Scratch that - who gives a fuck? Bit-for-bit reproducibility takes far more effort than it’s worth anyway. Even NixOS isn’t completely reproducible. It’s a false goal.
It’s well more than good enough you mean.
Nobody really needs that.
🤡