[Nix-dev] Why is there no way to run `nix-shell` in a chroot and without the user's .bashrc?

Sergey Mironov grrwlf at gmail.com
Wed May 18 20:18:19 CEST 2016


Hi. +1 from my side. I noticed that in nix-shell mode, the Haskell setup
reads the global package database, so I had to write a script containing
`rm -rf /run/user/1000/package.conf.d`

Regards,
Sergey


2016-05-16 20:20 GMT+03:00 zimbatm <zimbatm at zimbatm.com>:
> Yes, we should not load the `.bashrc` unless the nix-shell is interactive
> *and* non-pure. If it's not interactive then the user doesn't need to load
> his favorite environment. If it's pure then it's causing problems
> because the assumptions of available software made in the .bashrc are
> usually wrong.
>
> I submitted a PR a long time ago regarding this issue but it never got any
> traction (and probably needs a bit more work):
> https://github.com/NixOS/nix/pull/605
>
>
> On Mon, 16 May 2016 at 15:34 Ryan Newton <rrnewton at indiana.edu> wrote:
>>
>> (I posted this question as an issue here, before realizing it's more of a
>> mailing list question.)
>>
>> I'm using the Haskell stack tool's nix integration, which launches
>> everything through a nix-shell.
>>
>> Even running with --pure, nix-shell seems really impure compared to
>> nix-build. It not only mounts directories, it sources the bashrc from the
>> host system!
>>
>> Is there any way to lock down nix-shell more using current configuration
>> options? If not, is there any plan to make nix-shell more pure?
>>
>> This is especially concerning because I thought that shebang lines with
>> nix-shell were a great way to get reproducible scripts. But now I realize
>> that those scripts are much more impure and less reproducible than I
>> thought.
>>
>>
>> Thanks,
>>  -Ryan
>>
>>
>> Ryan R. Newton
>> (812) 856-4205
>> Asst. Professor
>> Indiana University - School of Informatics & Computing
>> Lindley Hall 230H
>> http://www.cs.indiana.edu/~rrnewton/
>> _______________________________________________
>> nix-dev mailing list
>> nix-dev at lists.science.uu.nl
>> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
>

