Skip to content

syncom/custom_nixos_iso

BranchesTags

Repository files navigation

Recipe for deterministic custom nixOS ISO builds

Build custom nixOS ISO (the ISO is "custom" in that it contains a custom package named "hello_syncom")

curl -L https://nixos.org/nix/install | sh
git clone https://github.com/NixOS/nixpkgs.git
pushd nixpkgs
# This commit is tagged as 21.11 in nixpkgs, which includes the determinism
# improvement https://github.com/NixOS/nixpkgs/pull/119657
git checkout a7ecde854aee5c4c7cd6177f54a99d2c1ff28a31
popd
export NIX_PATH=nixpkgs=$(pwd)/nixpkgs
git clone https://github.com/syncom/custom_nixos_iso.git
cd custom_nixos_iso/
git checkout 817946610fd188a57c19e1983680cdaad3c35fa3
nix-build iso.nix

On three distinct Ubuntu (x86_64-linux) machines, and one NixOS VM (corresponding to this SHA256 digest) the above procedures produced the same ISO for me.

# On one of the Ubuntu machines
$ uname -a
Linux syncom-xps13 5.4.0-126-generic #142~18.04.1-Ubuntu SMP Thu Sep 1 16:25:16 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
$ sha256sum $(readlink -f result)/iso/*.iso
5443e41acee9664e3b8dcc46e72bf54aec323457ec703aa7948d0c20f975ff5b  /nix/store/k4fa432jpfjs0wivi736dacs59jra466-nixos-21.11pre-git-x86_64-linux.iso/iso/nixos-21.11pre-git-x86_64-linux.iso

Build ISO in Docker

The above deterministic ISO creation process can be automated using Docker. Run the following command in the repository root directory.

make iso

When we make the ISO at revision 817946610fd188a57c19e1983680cdaad3c35fa3, text like that shown below is expected in command output. The value for IMAGE sha256sum is critical to check for reproducibility.

============ CUSTOM NIXOS ISO INFO ============
ISO image created in /tmp/custom_nixos_iso/out/custom_nixos_iso-817946610fd188a57c19e1983680cdaad3c35fa3.iso
IMAGE sha256sum: 5443e41acee9664e3b8dcc46e72bf54aec323457ec703aa7948d0c20f975ff5b

Clean up

Clean up built ISO

make clean

Prune Docker resources (to save disk space, for example)

make dockerclean

References

I've learned from the following resources:

  1. Nix Pills, by Luca Bruno (aka Lethalman).
  2. Managing private Nix packages outside the Nixpkgs tree, by Sander van der Burg.
  3. Creating a NixOS live CD, on nixos.wiki.
  4. Github project: mbp-nixos, by Charles Strahan (cstrahan).
  5. nixpkgs, nixpkgs source code.

About

Build custom nixOS ISO

Topics

nix nixos nixpkgs reproducible-builds deterministic-build one-click-builder reproducible-iso

Resources

Readme

License

Apache-2.0 license
Activity

Stars

4 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages