Home Explore Blog Models CI



nixpkgs
3rd chunk of `pkgs/README.md`
068767b069507b0c7b46c7601f98d987e464bd3abf2f112d0000000100000fbf
  * transparent public disclosure of security issues when they are found or fixed
  * These aspects are sometimes hard to verify, in which case an upstream that is not known to be irresponsible should be considered as responsible.
* Source-available software should be built from source where possible.
  Binary blobs risk supply chain attacks and vendored outdated libraries.

This section describes a general framework of understanding and exceptions might apply.

Luckily it's pretty easy to maintain your own package set with Nix, which can then be added to the [Nix User Repository](https://github.com/nix-community/nur) project.

---

Now that this is out of the way.
To add a package to Nixpkgs:

1. Checkout the Nixpkgs source tree:

   ```ShellSession
   $ git clone https://github.com/NixOS/nixpkgs
   $ cd nixpkgs
   ```

2. Create a package directory `pkgs/by-name/so/some-package` where `some-package` is the package name and `so` is the lowercased 2-letter prefix of the package name:

   ```ShellSession
   $ mkdir -p pkgs/by-name/so/some-package
   ```

   For more detailed information, see [here](./by-name/README.md).

3. Create a `package.nix` file in the package directory, containing a Nix expression — a piece of code that describes how to build the package.
   In this case, it should be a _function_ that is called with the package dependencies as arguments, and returns a build of the package in the Nix store.

   ```ShellSession
   $ emacs pkgs/by-name/so/some-package/package.nix
   $ git add pkgs/by-name/so/some-package/package.nix
   ```

   If the package is written in a language other than C, you should use [the corresponding language framework](https://nixos.org/manual/nixpkgs/stable/#chap-language-support).

   You can have a look at the existing Nix expressions under `pkgs/` to see how it’s done, some of which are also using the [category hierarchy](#category-hierarchy).
   Here are some good ones:

   - GNU Hello: [`pkgs/by-name/he/hello/package.nix`](./by-name/he/hello/package.nix).
     Trivial package, which specifies some `meta` attributes which is good practice.

   - GNU cpio: [`pkgs/by-name/cp/cpio/package.nix`](./by-name/cp/cpio/package.nix).
     Also a simple package.
     The generic builder in `stdenv` does everything for you.
     It has no dependencies beyond `stdenv`.

   - GNU Multiple Precision arithmetic library (GMP): [`pkgs/development/libraries/gmp`](development/libraries/gmp).
     Also done by the generic builder, but has a dependency on `m4`.

   - Pan, a GTK-based newsreader: [`pkgs/by-name/pa/pan/package.nix`](./by-name/pa/pan/package.nix).
     Has an optional dependency on `gspell`, which is only built if `spellCheck` is `true`.

   - Apache HTTPD: [`pkgs/servers/http/apache-httpd/2.4.nix`](servers/http/apache-httpd/2.4.nix).
     A bunch of optional features, variable substitutions in the configure flags, a post-install hook, and miscellaneous hackery.

   - buildMozillaMach: [`pkgs/build-support/build-mozilla-mach/default.nix`](./build-support/build-mozilla-mach/default.nix).
     A reusable build function for Firefox, Thunderbird and Librewolf.

   - JDiskReport, a Java utility: [`pkgs/by-name/jd/jdiskreport/package.nix`](./by-name/jd/jdiskreport/package.nix).
     Nixpkgs doesn’t have a decent `stdenv` for Java yet so this is pretty ad-hoc.

   - XML::Simple, a Perl module: [`pkgs/top-level/perl-packages.nix`](top-level/perl-packages.nix) (search for the `XMLSimple` attribute).
     Most Perl modules are so simple to build that they are defined directly in `perl-packages.nix`; no need to make a separate file for them.

   - Discord Game SDK: [`pkgs/by-name/di/discord-gamesdk/package.nix`](./by-name/di/discord-gamesdk/package.nix).
     Shows how binary-only packages can be supported.
     In particular, the `autoPatchelfHook` is used to set the RUNPATH and ELF interpreter of the executables so that the right libraries are found at runtime.

   Some notes:

   - Add yourself as the maintainer of the package.
Title: Nixpkgs Package Contribution: Creating Package Definitions
Summary
This chunk concludes security considerations for Nixpkgs package contributions, stressing transparent security disclosure and building from source to prevent supply chain attacks. It then outlines the practical steps for adding a package: creating a package directory (`pkgs/by-name/so/some-package`) and, crucially, defining the `package.nix` file. This Nix expression, a function, describes the package's build process, potentially using language frameworks. The text provides various `package.nix` examples, from simple GNU Hello and cpio to complex ones like Pan (optional dependencies), Apache HTTPD (extensive features), buildMozillaMach (reusable builder), JDiskReport (Java utility), XML::Simple (Perl module), and Discord Game SDK (binary-only support with `autoPatchelfHook`). Contributors are also advised to add themselves as maintainers.