From d6ef1d143a5a7179a41bd7a5ea51dc7286f99fd9 Mon Sep 17 00:00:00 2001
From: Qingsong Chen <changxian.cqs@antgroup.com>
Date: Tue, 9 Dec 2025 03:08:45 +0000
Subject: [PATCH] Pin Nix channels and install cachix

---
 tools/docker/nix/Dockerfile      | 9 ++++++---
 tools/nixos/install_asterinas.sh | 1 +
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/tools/docker/nix/Dockerfile b/tools/docker/nix/Dockerfile
index 57e5bce3d..61986888d 100644
--- a/tools/docker/nix/Dockerfile
+++ b/tools/docker/nix/Dockerfile
@@ -7,15 +7,18 @@ SHELL ["/bin/bash", "-c"]
 
 ARG DEBIAN_FRONTEND=noninteractive
 
-# Install Nix package manager
+# Install Nix package manager and other Nix tools
+#
+# The nixpkgs and nixos channels are pinned to a particular commit (NixOS 25.05, 2025-07-01) for reproducibility.
 # FIXME: Installing Nix as root is not supported in single-user mode.
 RUN sh <(curl -L https://nixos.org/nix/install) --daemon --yes \
     && . /etc/profile.d/nix.sh \
-    && nix-channel --add https://nixos.org/channels/nixos-25.05 nixpkgs \
-    && nix-channel --add https://nixos.org/channels/nixos-25.05 nixos \
+    && nix-channel --add https://github.com/NixOS/nixpkgs/archive/c0bebd16e69e631ac6e52d6eb439daba28ac50cd.tar.gz nixpkgs \
+    && nix-channel --add https://github.com/NixOS/nixpkgs/archive/c0bebd16e69e631ac6e52d6eb439daba28ac50cd.tar.gz nixos \
     && nix-channel --update \
     && nix-env -iA nixpkgs.nixfmt \
     && nix-env -iA nixpkgs.nixos-install-tools \
+    && nix-env -iA cachix -f https://cachix.org/api/v1/install \
     && rm /nix/var/nix/gcroots/auto/* \
     && nix-collect-garbage -d
 
diff --git a/tools/nixos/install_asterinas.sh b/tools/nixos/install_asterinas.sh
index f0be03401..dfa08b081 100755
--- a/tools/nixos/install_asterinas.sh
+++ b/tools/nixos/install_asterinas.sh
@@ -85,6 +85,7 @@ cp ${DISTRO_DIR}/aster_configuration.nix ${BUILD_DIR}/etc/nixos
 cp -r ${DISTRO_DIR}/modules ${BUILD_DIR}/etc/nixos
 cp -r ${DISTRO_DIR}/overlays ${BUILD_DIR}/etc/nixos
 
+export PATH=${PATH}:/run/current-system/sw/bin
 nixos-install --root ${BUILD_DIR} --no-root-passwd
 
 echo "Congratulations! Asterinas NixOS has been installed successfully!"
\ No newline at end of file