You must log in or register to comment.
How long until nix flakes go mainstream and fix this problem?
Replace “nix flakes” with “Docker” and you have your answer from almost decade ago.
No offense but it sounds like you don’t actually understand nix flakes if you think they’re 1:1 equivalent to Docker.
They simply are not containers. They allow the declarative BUILD of any derivation at any time in the future. They hermetically lock all dependencies and build instructions which allows you to archive and reproduce the EXACT content-addressed dependency graph of the software. You can rebuild using a flake while Docker doesn’t actually allow that same hermetic reproducible guarantee whatsoever.
See here for a much better explanation of the glaring differences between the two: https://youtu.be/0uixRE8xlbY
You could even build a container with a flake though I’d recommend OCI instead because they’re an open standard…
This is programmerhumor so perhaps allow for a bit of hyperbole on my part. I wasn’t completely factual.
However the initial days of Docker were effectively promising to solve the exact same “it works on my laptop” problem. The idea was that developer builds docker image and pushes it to repository where it can pass through CI and eventually the same image gets to production.
As you can see, this effectively reproduces the EXACT content as well, because you transfer the files in a set of tar files.
It didn’t work for many reasons. One of which is the fact that it’s often not so much about the exact files, but the rest of the environment like DBs, proxies, networking, etc that is the problem. I’ve seen image misbehaving in production due to different kernel version/configuration.
I know it’s a strange place for this conversation but the facts remain: docker images don’t do this and nix flakes actually do. As the video I linked demonstrates and you allude to, Docker files aren’t 100% hermetic (which means they’re not reproducible) while Nix flakes actually do achieve this. Watch the video I linked for more explanation which directly talks about how nix works with the goals of Docker that you mentioned in the head of your last comment. I hope my non-confrontational tone comes across somehow. This is all said with respect and in the spirit of science.
