[Nix-dev] Why is there no way to run `nix-shell` in a chroot and without the user's .bashrc?

zimbatm zimbatm at zimbatm.com
Mon May 16 19:20:34 CEST 2016


Yes, we should not load the `.bashrc` unless the nix-shell is interactive
*and* non-pure. If it's not interactive then the user doesn't need to load
his favorite environment. If it's pure then it's causing problems
because the assumptions of available software made in the .bashrc are
usually wrong.

I submitted a PR a long time ago regarding this issue but it never got any
traction (and probably needs a bit more work):
https://github.com/NixOS/nix/pull/605


On Mon, 16 May 2016 at 15:34 Ryan Newton <rrnewton at indiana.edu> wrote:

> (I posted this question as an issue here
> <https://github.com/NixOS/nix/issues/903>, before realizing it's more of a
> mailing list question.)
>
> I'm using the Haskell stack tool's nix integration, which launches
> everything through a nix-shell.
>
> Even running with --pure, nix-shell seems really impure compared to
> nix-build. It not only mounts directories, it sources the bashrc from the
> host system!
>
> Is there any way to lock down nix-shell more using current configuration
> options? If not, is there any plan to make nix-shell more pure?
>
> This is especially concerning because I thought that shebang lines with
> nix-shell were a great way to get reproducible scripts. But now I realize
> that those scripts are much more impure and less reproducible than I
> thought.
>
> Thanks,
>  -Ryan
>
>
> Ryan R. Newton
> (812) 856-4205
> Asst. Professor
> Indiana University - School of Informatics & Computing
> Lindley Hall 230H
> http://www.cs.indiana.edu/~rrnewton/