|
1 | | -# Using the `post-build-hook` |
| 1 | +# Upload build results to S3 |
2 | 2 |
|
3 | | -# Implementation Caveats |
| 3 | +This guide shows how to use the Nix [`post-build-hook`](https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-post-build-hook) configuration option to automatically upload build results to an S3-compatible binary cache. |
4 | 4 |
|
5 | | -Here we use the post-build hook to upload to a binary cache. This is a |
6 | | -simple and working example, but it is not suitable for all use cases. |
| 5 | +## Implementation Caveats |
7 | 6 |
|
8 | | -The post build hook program runs after each executed build, and blocks |
9 | | -the build loop. The build loop exits if the hook program fails. |
| 7 | +This is a simple and working example, but it is not suitable for all use cases. |
10 | 8 |
|
11 | | -Concretely, this implementation will make Nix slow or unusable when the |
12 | | -internet is slow or unreliable. |
| 9 | +The post-build hook program runs after each executed build, and blocks the build loop. |
| 10 | +The build loop exits if the hook program fails. |
13 | 11 |
|
14 | | -A more advanced implementation might pass the store paths to a |
15 | | -user-supplied daemon or queue for processing the store paths outside of |
16 | | -the build loop. |
| 12 | +Concretely, this implementation will make Nix slow or unusable when the network connection is slow or unreliable. |
| 13 | +A more advanced implementation might pass the store paths to a user-supplied daemon or queue for processing the store paths outside of the build loop. |
17 | 14 |
|
18 | 15 | # Prerequisites |
19 | 16 |
|
20 | | -This tutorial assumes you have [configured an S3-compatible binary |
21 | | -cache](../package-management/s3-substituter.md), and that the `root` |
22 | | -user's default AWS profile can upload to the bucket. |
| 17 | +<!-- TODO: this information will move: https://github.com/NixOS/nix/issues/7769 --> |
| 18 | +This tutorial assumes you have [configured an S3-compatible binary cache](https://nixos.org/manual/nix/stable/package-management/s3-substituter.html), and that the `root` user's default AWS profile can upload to the bucket. |
23 | 19 |
|
24 | 20 | # Set up a Signing Key |
25 | 21 |
|
26 | | -Use `nix-store --generate-binary-cache-key` to create our public and |
27 | | -private signing keys. We will sign paths with the private key, and |
28 | | -distribute the public key for verifying the authenticity of the paths. |
| 22 | +Use [`nix-store --generate-binary-cache-key`](https://nixos.org/manual/nix/stable/command-ref/nix-store/generate-binary-cache-key.html) to create a pair of cryptographic keys. |
| 23 | +You will sign paths with the private key, and distribute the public key for verifying the authenticity of the paths. |
29 | 24 |
|
30 | 25 | ```console |
31 | | -# nix-store --generate-binary-cache-key example-nix-cache-1 /etc/nix/key.private /etc/nix/key.public |
32 | | -# cat /etc/nix/key.public |
| 26 | +$ nix-store --generate-binary-cache-key example-nix-cache-1 /etc/nix/key.private /etc/nix/key.public |
| 27 | +$ cat /etc/nix/key.public |
33 | 28 | example-nix-cache-1:1/cKDz3QCCOmwcztD2eV6Coggp6rqc9DGjWv7C0G+rM= |
34 | 29 | ``` |
35 | 30 |
|
|
0 commit comments