manual: More on stores, building and mounting in the file system

Ericson2314 · Ericson2314 · commit 88585537608d · 2025-12-03T00:53:30.000-05:00
Expand the manual on

1. store paths (be more explicit about store path base
   names)

2. How store objects are exposed on the file system (new page and new
   section of page)

3. Building derivations (lots of stuff on that page)
diff --git a/doc/manual/redirects.js b/doc/manual/redirects.js
@@ -347,7 +347,7 @@ const redirects = {
     "string-literal": "string-literals.html",
   },
   "language/derivations.md": {
-    "builder-execution": "store/drv/building.md#builder-execution",
+    "builder-execution": "store/drv/building.md",
   },
   "installation/installing-binary.html": {
     "linux": "uninstall.html#linux",
diff --git a/doc/manual/source/SUMMARY.md.in b/doc/manual/source/SUMMARY.md.in
@@ -19,9 +19,10 @@
 - [Nix Store](store/index.md)
   - [File System Object](store/file-system-object.md)
     - [Content-Addressing File System Objects](store/file-system-object/content-address.md)
+    - [Exposing in OS File Systems](store/file-system-object/os-file-system.md)
   - [Store Object](store/store-object.md)
     - [Content-Addressing Store Objects](store/store-object/content-address.md)
-  - [Store Path](store/store-path.md)
+  - [Store Path and Store Directory](store/store-path.md)
   - [Store Derivation and Deriving Path](store/derivation/index.md)
     - [Derivation Outputs and Types of Derivations](store/derivation/outputs/index.md)
       - [Content-addressing derivation outputs](store/derivation/outputs/content-address.md)
diff --git a/doc/manual/source/glossary.md b/doc/manual/source/glossary.md
@@ -35,7 +35,7 @@
 
   A derivation can be thought of as a [pure function](https://en.wikipedia.org/wiki/Pure_function) that produces new [store objects][store object] from existing store objects.
 
-  Derivations are implemented as [operating system processes that run in a sandbox](@docroot@/store/building.md#builder-execution).
+  Derivations are implemented as [operating system processes that run in a sandbox](@docroot@/store/building.md).
   This sandbox by default only allows reading from store objects specified as inputs, and only allows writing to designated [outputs][output] to be [captured as store objects](@docroot@/store/building.md#processing-outputs).
 
   A derivation is typically specified as a [derivation expression] in the [Nix language], and [instantiated][instantiate] to a [store derivation].
diff --git a/doc/manual/source/store/building.md b/doc/manual/source/store/building.md
diff --git a/doc/manual/source/store/file-system-object/os-file-system.md b/doc/manual/source/store/file-system-object/os-file-system.md
@@ -0,0 +1,35 @@
+# Exposing in OS File Systems
+
+Nix's [file system object] data model is minimal and abstract.
+But to actually be used by software, file system objects need to be made available through the operating system's file system.
+This is sometimes called "mounting" or "exposing" the file system object, though do note it may or may not be implemented with what the operating system calls "mounting".
+
+[file system object]: ../file-system-object.md
+
+## Metadata normalization
+
+File systems typically contain other metadata that is outside Nix's data model.
+To avoid this other metadata being a side channel and source of nondeterminism, Nix is careful to normalize to fixed values.
+For example, on Unix, the following metadata normalization occurs:
+
+- The creation and last modification timestamps on all files are set to Unix Epoch 1s (00:00:01 1/1/1970 UTC)
+
+- The group is set to the default group
+
+- The Unix mode of the file to 0444 or 0555 (i.e., read-only, with execute permission enabled if the file was originally executable).
+
+- Any possible `setuid` and `setgid` bits are cleared.
+
+  > **Note**
+  >
+  > Setuid and setgid programs are not currently supported by Nix.
+  > This is because the Nix archives used in deployment have no concept of ownership information,
+  > and because it makes the build result dependent on the user performing the build.
+
+> **Explanation**
+>
+> As discussesed before, Nix essentially shares its file system object data model with other tools like Git.
+> But those tools tend to ignore this metadata in both directions --- when reading files, like Nix, but when writing files, timestamps are set organically, and the user is free to set other special perms (setuid, setgid, sticky, etc.) however they like, with the proviso that since they are ignored by Git, git will silently loose that information.
+> This metadata normalization for determinism is therefore what distinguishes Nix from other tools more than the data model itself.
+>
+> Nix's approach is motivated by determinstic building. Whereas git can assume that humans running commands will simply ignore timestamps etc. as appropriate, understanding they are local and ephemeral, Nix aims to run software that was not necessarily designed with Nix in mind, and is unaware of whatever sandboxing/virtualization is in place.
diff --git a/doc/manual/source/store/index.md b/doc/manual/source/store/index.md
@@ -2,4 +2,33 @@
 
 The *Nix store* is an abstraction to store immutable file system data (such as software packages) that can have dependencies on other such data.
 
-There are [multiple types of Nix stores](./types/index.md) with different capabilities, such as the default one on the [local filesystem](./types/local-store.md) (`/nix/store`) or [binary caches](./types/http-binary-cache-store.md).
+Concretely, albeit using concepts that are only defined in the rest of the chapter, a store consists of:
+
+- A set of [store objects][store object], the immutable file system data.
+
+  This can also be looked at as a map from [store paths][store path] to store objects.
+
+- A set of [derivations][derivation], instructions for building store objects.
+
+  This can also be looked at as a map from [store paths][store path] to derivations.
+  Since store paths to derivations always end in `.drv`, and store paths to other store objects never do, the two maps can also be combined into one.
+  Derivations can also be encoded as store objects too.
+
+- A [build trace], a record of which derivations have been built and what they produced.
+
+  > **Warning**
+  >
+  > The concept of a build trace is currently
+  > [**experimental**](@docroot@/development/experimental-features.md#xp-feature-ca-derivations)
+  > and subject to change.
+
+There are [multiple types of Nix stores][store type] with different capabilities, such as the default one on the [local file system][local store] (`/nix/store`) or [binary caches][binary cache].
+
+[store object]: ./store-object.md
+[store path]: ./store-path.md
+[derivation]: ./derivation/index.md
+[build trace]: ./build-trace.md
+
+[store type]: ./types/index.md
+[local store]: ./types/local-store.md
+[binary cache]: ./types/http-binary-cache-store.md
diff --git a/doc/manual/source/store/store-path.md b/doc/manual/source/store/store-path.md
@@ -1,21 +1,30 @@
-# Store Path
+# Store Path and Store Directory
 
-> **Example**
->
-> `/nix/store/a040m110amc4h71lds2jmr8qrkj2jhxd-git-2.38.1`
->
-> A rendered store path
+Nix's [store object] and [file system object] data models are minimal and abstract.
+But to actually be used by software, store objects need to be made available through the operating system's file system.
+
+This is done by exposing all the store objects in a single *[store directory]*.
+Every entry in that directory has a *[store path base name]* as the name, and the file system object of one of the store objects in the store as the child file.
+Store objects exposed in this way can then be referenced by *[store paths][store path]*.
+
+[store object]: ./store-object.md
+[file system object]: ./file-system-object.md
+[store path]: #store-path
+[store path base name]: #store-path-base-name
+[store directory]: #store-directory-path
 
-Nix implements references to [store objects](./store-object.md) as *store paths*.
+## Store Path Base Name
 
-Think of a store path as an [opaque], [unique identifier]:
-The only way to obtain store path is by adding or building store objects.
-A store path will always reference exactly one store object.
+Nix implements references to store objects as *store path base names*.
+
+Think of a store path base name as an [opaque], [unique identifier]:
+The only way to obtain a store path base name is by adding or building store objects.
+A store path base name will always reference exactly one store object.
 
 [opaque]: https://en.m.wikipedia.org/wiki/Opaque_data_type
 [unique identifier]: https://en.m.wikipedia.org/wiki/Unique_identifier
 
-Store paths are pairs of
+Store path base names are pairs of
 
 - A 20-byte digest for identification
 - A symbolic name for people to read
@@ -25,48 +34,96 @@ Store paths are pairs of
 > - Digest: `b6gvzjyb2pg0kjfwrjmg1vfhh54ad73z`
 > - Name:   `firefox-33.1`
 
-To make store objects accessible to operating system processes, stores have to expose store objects through the file system.
-
-A store path is rendered to a file system path as the concatenation of
+A store path base name is rendered to a string as the concatenation of
 
-- [Store directory](#store-directory) (typically `/nix/store`)
-- Path separator (`/`)
-- Digest rendered in a custom variant of [Base32](https://en.wikipedia.org/wiki/Base32) (20 arbitrary bytes become 32 ASCII characters)
+- Digest rendered in a custom variant of [Base32] (20 arbitrary bytes become 32 ASCII characters)
 - Hyphen (`-`)
 - Name
 
 > **Example**
 >
 > ```
->   /nix/store/b6gvzjyb2pg0kjfwrjmg1vfhh54ad73z-firefox-33.1
->   |--------| |------------------------------| |----------|
-> store directory            digest                 name
+> b6gvzjyb2pg0kjfwrjmg1vfhh54ad73z-firefox-33.1
+> |------------------------------| |----------|
+>               digest                 name
 > ```
 
-Exactly how the digest is calculated depends on the type of store path.
+[Base32]: https://en.wikipedia.org/wiki/Base32
+
+Exactly how the digest is calculated depends on the type of store object being referenced.
 Store path digests are *supposed* to be opaque, and so for most operations, it is not necessary to know the details.
 That said, the manual has a full [specification of store path digests](@docroot@/protocols/store-path.md).
 
-## Store Directory
-
-Every [Nix store](./index.md) has a store directory.
-
-Not every store can be accessed through the file system.
-But if the store has a file system representation, the store directory contains the store’s [file system objects], which can be addressed by [store paths](#store-path).
+## Store Directory Path
 
-[file system objects]: ./file-system-object.md
+Every [Nix store] has a store directory path.
+This is an absolute, lexically canonical (not containing any `..`, `.`, or similar) path which points to the directory where all store objects are to be found.
 
-This means a store path is not just derived from the referenced store object itself, but depends on the store that the store object is in.
+[Nix store]: ./index.md
 
 > **Note**
 >
 > The store directory defaults to `/nix/store`, but is in principle arbitrary.
 
-It is important which store a given store object belongs to:
+## Store Path
+
+A store path is the pair of a store directory path and a [store path base name].
+It is rendered to a file system path as the concatenation of
+
+- [Store directory] (typically `/nix/store`)
+- Path separator (`/`)
+- The [store path base name]
+
+> **Example**
+>
+> ```
+>   /nix/store/b6gvzjyb2pg0kjfwrjmg1vfhh54ad73z-firefox-33.1
+>   |--------| |------------------------------| |----------|
+> store directory            digest                 name
+> ```
+
+When we have fixed a given store, or given store directory path (that all the stores in use share), the abstract syntax for store paths and the abstract syntax for store path base names coincide: the store directory path is known from context, so only the other two fields vary from one store path to the next.
+
+## Exposing Store Objects in OS File Systems {#exposing}
+
+Not every store can be accessed through the file system.
+But if the store has a file system representation, the following should be true:
+
+- The store directory path is canonical: no prefix of the path (i.e. path of the first *n* path segments) points to a symlink.
+  (This is a separate condition in addition to "lexical canonicity", which is a property of just the path itself, whereas regular "canonicity" is an additional property about the path and the filesystem it navigates jointly.)
+
+- The store directory path in fact points to a directory.
+
+- The store directory contains, for every store object in the store, the [file system object] of that store object at the (rendered) [store path base name].
+  The permissions and other metadata for these files in the store directory is in the normal form described in [Exposing in OS file systems](./file-system-object/os-file-system.md).
+
+The above properties mean that the following file accesses will work.
+Suppose we have a store available on the file system per the above rules, and `b6gvzjyb2pg0kjfwrjmg1vfhh54ad73z-firefox-33.1` is the store path base name of a store object in that store.
+
+- Suppose that the store directory (path) is `/foo/bar`.
+  Then, `/foo/bar/b6gvzjyb2pg0kjfwrjmg1vfhh54ad73z-firefox-33.1` exists and is the file system object of that store object.
+
+- Suppose that we don't know what the store directory path of the store is, but we do have a capability `storeDir` to the store directory on the file system.
+  (This would be a "file descriptor" on Unix, or a "file handle" on Windows.)
+  Then (using the Unix notation for this):
+  ```
+  openat(storeDir, "b6gvzjyb2pg0kjfwrjmg1vfhh54ad73z-firefox-33.1", O_NOFOLLOW)
+  ```
+  will succeed (so long as the file system object is not a symlink), and the yielded capability will point to the file system object of that store object.
+
+  (The behavior for symlinks is harder to specify because of limitations in POSIX.)
+
+## Relocating store objects
+
+The inclusion of the store directory path in the full rendered store path means that it is not just derived from the referenced store object itself, but depends on the store that the store object is in.
+(And actually, many of the ways of computing the digest also depend on the store directory path.
+So this is also true even just for store path base names, in general.)
+
+It is therefore important to consider which store a given store object belongs to:
 Files in the store object can contain store paths, and processes may read these paths.
 Nix can only guarantee referential integrity if store paths do not cross store boundaries.
 
-Therefore one can only copy store objects to a different store if
+One can only copy store objects to a different store if
 
 - The source and target stores' directories match
 
diff --git a/src/libstore/include/nix/store/globals.hh b/src/libstore/include/nix/store/globals.hh
@@ -189,7 +189,7 @@ public:
         0,
         "cores",
         R"(
-          Sets the value of the `NIX_BUILD_CORES` environment variable in the [invocation of the `builder` executable](@docroot@/store/building.md#builder-execution) of a derivation.
+          Sets the value of the `NIX_BUILD_CORES` environment variable in the [invocation of the `builder` executable](@docroot@/store/building.md#env-vars) of a derivation.
           The `builder` executable can use this variable to control its own maximum amount of parallelism.
 
           <!--
