Nix Package Manager

Explaining why I choose Nix over Homebrew.

Finally I found a package manager I can agree with that can be used on macOS, and that is Nix. What I like about it is that it does not touch the /usr/local folder on macOS, let alone change the ownership of the directory; instead it creates a sub-volume and mounts it at the /nix directory.

I read the manual and paid close attention to the multi-user section:

Nix has multi-user support. This means that non-privileged users can securely install software. Each user can have a different profile, a set of packages in the Nix store that appear in the user’s PATH. If a user installs a package that another user has already installed previously, the package won’t be built or downloaded a second time. At the same time, it is not possible for one user to inject a Trojan horse into a package that might be used by another user.

I especially like the last sentence in the paragraph. In other package managers like Homebrew, that is quite possible to do. Here is a quote I got from the Wikipedia article:

Homebrew does not honor the default privileges of /usr/local; directory ownership is changed from root with group permissions for the wheel group to the installing user and the “admin” group. Specifically, the mode changes from drwxr-xr-x root wheel to drwxrwxr-x myuser admin. All files, not just the directories, have their ownership changed by the installer. This is considered by some as a major security flaw.

It is a major security flaw. For example, it can be used to override a command like sudo and use that to steal the password from the admin and therefore gain root access to the system. They change the ownership so you don’t use the sudo command. In my humble opinion this is not a very good approach, and because of that alone I choose not to install Homebrew.
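As an added example (not part of the original post, and not code from Nix or Homebrew), the following Python audit walks PATH in lookup order and reports every directory that a non-root user could write to and that is searched before, or holds, the first match for a command such as sudo. The function names `dir_risks` and `audit_path` and the uid 501 are assumptions made for illustration.

```python
import os
import stat

def dir_risks(uid, mode):
    """Reasons a directory with this owner/mode lets a non-root user plant files in it."""
    risks = []
    if uid != 0:
        risks.append("owned by non-root uid %d" % uid)
    if mode & stat.S_IWGRP:
        risks.append("group-writable")
    if mode & stat.S_IWOTH:
        risks.append("world-writable")
    return risks

def audit_path(command, path=None):
    """Walk PATH in lookup order and report risky directories that are searched
    before, or that hold, the first match for `command`."""
    if path is None:
        path = os.environ.get("PATH", "")
    findings = []
    for entry in path.split(os.pathsep):
        entry = entry or "."          # an empty PATH entry means the current directory
        try:
            st = os.stat(entry)
        except OSError:
            continue                  # skip entries that do not exist
        risks = dir_risks(st.st_uid, st.st_mode)
        if risks:
            findings.append((entry, risks))
        candidate = os.path.join(entry, command)
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            break                     # directories after the first match are never consulted
    return findings

if __name__ == "__main__":
    # Constructed values mirroring the two modes quoted above (uid 501 is an assumption).
    print("root:wheel 0755 ->", dir_risks(0, 0o755))
    print("myuser:admin 0775 ->", dir_risks(501, 0o775))
    for directory, risks in audit_path("sudo"):
        print("%s: %s" % (directory, ", ".join(risks)))
```

An empty result for `audit_path("sudo")` means every directory consulted while resolving sudo is root-owned and writable only by its owner.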

But thankfully Nix does not use that approach. It relies on the unprivileged user interacting with a lightweight daemon, which has the privileges to manage anything in the /nix directory in a very safe manner, and like Homebrew you don’t need to use the sudo command. If I want to install neovim, I can run the following without using sudo.

nix-env -iA nixpkgs.neovim

Conclusion

Well, I just love the Nix package manager. I really love the way it was designed, and I also heard it can be more than a package manager: it can manage server configurations and it can also do DevOps stuff, pretty much what Chef does. I think it is awesome that it can do all those, but I choose to use it as a package manager. Others advised me to check out Home Manager as well, but I chose not to; I prefer to install and uninstall packages as I need to.

It is also part of NixOS, which demonstrates to me that they have a great background in dealing with Unix (Linux and macOS). Homebrew is just one of those things built by a cool kid who thinks it is cool to change the owner of /usr/local, which in reality is dangerous; therefore I don’t recommend Homebrew. I’ll leave it at that. 🙂

Have a nice day ☀️
