make separate section for builder execution

2025-07-07 10:11:47 +02:00 · 2023-07-18 13:49:59 +02:00 · 2023-07-18 13:49:59 +02:00 · 541890463d
commit 541890463d
parent b19bd4f348
1 changed files with 59 additions and 57 deletions
--- a/doc/manual/src/language/derivations.md
+++ b/doc/manual/src/language/derivations.md
@ -93,69 +93,71 @@ wrapper around `derivation` that adds a default value for `system` and
 always uses Bash as the builder, to which the supplied builder is passed
 as a command-line argument. See the Nixpkgs manual for details.
-The builder is executed as follows:
+## Builder execution
-  - A temporary directory is created under the directory specified by
+The [`builder`](#attr-builder) is executed as follows:
    `TMPDIR` (default `/tmp`) where the build will take place. The
    current directory is changed to this directory.
-  - The environment is cleared and set to the derivation attributes, as
+- A temporary directory is created under the directory specified by
-    specified above.
+  `TMPDIR` (default `/tmp`) where the build will take place. The
  current directory is changed to this directory.
-  - In addition, the following variables are set:
+- The environment is cleared and set to the derivation attributes, as
  specified above.
-      - `NIX_BUILD_TOP` contains the path of the temporary directory for
+- In addition, the following variables are set:
        this build.
-      - Also, `TMPDIR`, `TEMPDIR`, `TMP`, `TEMP` are set to point to the
+  - `NIX_BUILD_TOP` contains the path of the temporary directory for
-        temporary directory. This is to prevent the builder from
+    this build.
        accidentally writing temporary files anywhere else. Doing so
        might cause interference by other processes.
-      - `PATH` is set to `/path-not-set` to prevent shells from
+  - Also, `TMPDIR`, `TEMPDIR`, `TMP`, `TEMP` are set to point to the
-        initialising it to their built-in default value.
+    temporary directory. This is to prevent the builder from
    accidentally writing temporary files anywhere else. Doing so
    might cause interference by other processes.
-      - `HOME` is set to `/homeless-shelter` to prevent programs from
+  - `PATH` is set to `/path-not-set` to prevent shells from
-        using `/etc/passwd` or the like to find the user's home
+    initialising it to their built-in default value.
        directory, which could cause impurity. Usually, when `HOME` is
        set, it is used as the location of the home directory, even if
        it points to a non-existent path.
-      - `NIX_STORE` is set to the path of the top-level Nix store
+  - `HOME` is set to `/homeless-shelter` to prevent programs from
-        directory (typically, `/nix/store`).
+    using `/etc/passwd` or the like to find the user's home
    directory, which could cause impurity. Usually, when `HOME` is
    set, it is used as the location of the home directory, even if
    it points to a non-existent path.
-      - For each output declared in `outputs`, the corresponding
+  - `NIX_STORE` is set to the path of the top-level Nix store
-        environment variable is set to point to the intended path in the
+    directory (typically, `/nix/store`).
        Nix store for that output. Each output path is a concatenation
        of the cryptographic hash of all build inputs, the `name`
        attribute and the output name. (The output name is omitted if
        it’s `out`.)
-  - If an output path already exists, it is removed. Also, locks are
+  - For each output declared in `outputs`, the corresponding
-    acquired to prevent multiple Nix instances from performing the same
+    environment variable is set to point to the intended path in the
-    build at the same time.
+    Nix store for that output. Each output path is a concatenation
    of the cryptographic hash of all build inputs, the `name`
    attribute and the output name. (The output name is omitted if
    it’s `out`.)
-  - A log of the combined standard output and error is written to
+- If an output path already exists, it is removed. Also, locks are
-    `/nix/var/log/nix`.
+  acquired to prevent multiple Nix instances from performing the same
  build at the same time.
-  - The builder is executed with the arguments specified by the
+- A log of the combined standard output and error is written to
-    attribute `args`. If it exits with exit code 0, it is considered to
+  `/nix/var/log/nix`.
    have succeeded.
-  - The temporary directory is removed (unless the `-K` option was
+- The builder is executed with the arguments specified by the
-    specified).
+  attribute `args`. If it exits with exit code 0, it is considered to
  have succeeded.
-  - If the build was successful, Nix scans each output path for
+- The temporary directory is removed (unless the `-K` option was
-    references to input paths by looking for the hash parts of the input
+  specified).
    paths. Since these are potential runtime dependencies, Nix registers
    them as dependencies of the output paths.
-  - After the build, Nix sets the last-modified timestamp on all files
+- If the build was successful, Nix scans each output path for
-    in the build result to 1 (00:00:01 1/1/1970 UTC), sets the group to
+  references to input paths by looking for the hash parts of the input
-    the default group, and sets the mode of the file to 0444 or 0555
+  paths. Since these are potential runtime dependencies, Nix registers
-    (i.e., read-only, with execute permission enabled if the file was
+  them as dependencies of the output paths.
-    originally executable). Note that possible `setuid` and `setgid`
+
-    bits are cleared. Setuid and setgid programs are not currently
+- After the build, Nix sets the last-modified timestamp on all files
-    supported by Nix. This is because the Nix archives used in
+  in the build result to 1 (00:00:01 1/1/1970 UTC), sets the group to
-    deployment have no concept of ownership information, and because it
+  the default group, and sets the mode of the file to 0444 or 0555
-    makes the build result dependent on the user performing the build.
+  (i.e., read-only, with execute permission enabled if the file was
  originally executable). Note that possible `setuid` and `setgid`
  bits are cleared. Setuid and setgid programs are not currently
  supported by Nix. This is because the Nix archives used in
  deployment have no concept of ownership information, and because it
  makes the build result dependent on the user performing the build.