Nix

Nix

Nix is a tool for managing packages, generating system configurations, and creating environment in reproducible, declarative, and reliable way.

1. Tips

1.1. Invoking `nix-env` and `nix-build` with your local nixpkgs.

I sometimes have to work with nixpkgs cloned in my hard drive, because I sometimes have to test it before it is merged to the master branch of nixpkgs.

Let’s assume you cloned or downloaded the nixpkgs to your hard drive, and you modified some files.

$ git clone https://github.com/Ch1keen/nixpkgs  # You should not clone it from NixOS organization
                                                # if you want to modify and submit code.
                                                # git clone https://github.com/NixOS/nixpkgs
# Do your work...

After the work, you can try build test with nix-build command, or basic functional tests by hands with nix-shell, both with -I option.

$ # Pass -I option with the nixpkgs directory that you've worked
$ nix-shell -I nixpkgs=./nixpkgs -p your-awesome-package
$ nix-build -I nixpkgs=./nixpkgs -A your-awesome-package

But if you want to use nix-env command, you should pass -f option to do the same.

$ nix-env -f ./nixpkgs -qaP your-awesome-package

Original article: https://toraritte.github.io/posts/2020-07-15-nix-shell-with-specific-path.html

1.2. Running arbitrary binary in NixOS

You cannot run precompiled binaries in your NixOS system, if the source is not compiled in your NixOS system.

Luckily, there are bunches of solutions you might want to.

Patchelf, a traditional way, by manually linking shared objects and setting an interpreter.
nix-ld and nix-alien
- nix-ld can be useful if you want to write a Nix expression with your target binary.
- nix-alien can be useful if you want to run an unpatched binary instantly.
steam-run for Linux native games
- See defail for here: https://nixos.wiki/wiki/Steam

2. Declarative Containers and Virtual Machines

With help of systemd-nspawn and OCI initiative, one can write Nix expression to manage declarative containers.

NixOS containers

And virtual machines, too. With microvm.nix, you can spawn virtual machines with some Nix expressions. It offers more isolated environment compared to NixOS containers.

astro/microvm.nix - GitHub

3. Reference

In KalmarCTF 2024, there is an interesting challenge called 'Reproducible Pwning'.
- Archive: https://github.com/sajjadium/ctf-archives/tree/main/ctfs/KalmarCTF/2024/misc/Reproducible_Pwning
  
  Writeup by Jade
  
  Writeup by Diogo Torres Correia

4. See also

Patchelf