
Comment by rssoconnor

3 years ago

Not only can you do that in NixOS, but you can even do something lighter weight and apply a patch to an existing package. This has the advantage that the patch often persists through software updates.

For example, I used to patch OpenSSH to increase the minimum field size for DH key exchanges [1]. Eventually OpenSSH did update their minimum field sizes so I do not use this patch anymore.

[1] https://r6.ca/blog/20150111T040537Z.html

For those interested, patching OpenSSH in NixOS involves adding the following to one's system configuration:

    nixpkgs.config.packageOverrides = oldpkgs: {
      openssh = pkgs.lib.overrideDerivation oldpkgs.openssh (oldAttrs: {
        patches = oldAttrs.patches ++ [ ./openssh-dh-grp-min.patch ];
      });
    };

where openssh-dh-grp-min.patch is the patch file you want to apply.

Man, NixOS would probably be a lot more useful if people didn't have to learn a whole new goddamned language to use it. I realize making some kind of discoverable and sane interface to this is probably not trivial, but is it really so impossibly difficult that no one involved with the project wants to do it?

  • Any other package manager has config files which are essentially a domain-specific declarative language.

    Sometimes to do a whole new thing, you have to learn a whole new language.

    What would the Debian way to do this be? I bet it would take more than six lines of code.

    Edit: I was wrong, the patching part at least is not too bad on Debian: https://unix.stackexchange.com/questions/324680/how-to-apply...

  • Not only a new language, but one that, once in use, doesn't really look like something built for this purpose, if that snippet's representative. That is ugly.

  • I admit that NixOS doesn't make these advanced-but-useful tasks particularly easy. NixOS's design has only gotten as far as making these tasks possible, which is still an improvement over the state of the art at the time.