
Development environments are not hermetic

Open link2xt opened this issue 1 year ago • 3 comments

Page src/pages/start/3.nix-develop.mdx says

As you can see, Nix development environments are hermetic in that they're isolated from the surrounding environment (such as your environment variables and paths like /bin and /usr/bin).

But when I run

$ nix develop "github:DeterminateSystems/zero-to-nix#example" --command which mutt

it outputs "/usr/bin/mutt".

link2xt, Feb 28 '23 19:02

You can add -i and that should get rid of the mutt.

See: https://github.com/NixOS/nix/issues/4359#issuecomment-907768110

alper, May 05 '23 21:05

This also tripped me up when working through the zero to nix tutorial. Perhaps the sentence could be re-worded to specify -i is needed if you don't want access to env vars or paths from the host environment.

JoshMcguigan, Jul 03 '23 15:07

I filed #357 before I realized it was a duplicate of this one. I'll repeat the suggestion I made there:

Suggestion: this section seems to be about introducing nix develop's --command option, which is an orthogonal issue to hermeticism. Since nix develop's hermeticism behavior does not depend on or vary with --command, perhaps delete mention of hermeticism from this section entirely. Optionally, add a section discussing the various nuances with respect to nix develop and hermeticism. The hermeticism achieved by these approaches is never perfect anyway, and perhaps deserves more than a passing mention.

matta, Jul 28 '24 15:07
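
The behaviour reported in this thread (a host binary such as /usr/bin/mutt resolving inside the dev shell) can be checked with a small PATH audit. The script below is an added example, not code from the thread or from the zero-to-nix project; `STORE_PREFIX` and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag PATH entries and command resolutions outside the Nix store.
# STORE_PREFIX is an assumption; override it if the store lives elsewhere.
STORE_PREFIX="${STORE_PREFIX:-/nix/store}"

# Print every entry of a PATH-style string that is not under the store prefix.
host_path_entries() (
    IFS=:
    set -f                              # no glob expansion while splitting
    for entry in $1; do
        case "${entry:-.}" in           # an empty entry means the current directory
            "$STORE_PREFIX"/*) ;;
            *) printf '%s\n' "${entry:-.}" ;;
        esac
    done
)

# Print the first executable named $1 found in PATH-style string $2.
resolve_in_path() (
    IFS=:
    set -f
    for entry in $2; do
        candidate="${entry:-.}/$1"
        if [ -f "$candidate" ] && [ -x "$candidate" ]; then
            printf '%s\n' "$candidate"
            exit 0
        fi
    done
    exit 1
)

# Classify where command $1 resolves in $2: "absent", "store <path>" or
# "host <path>". Exits non-zero only when a host binary would be picked up.
check_command() (
    resolved=$(resolve_in_path "$1" "$2") || { echo "absent"; exit 0; }
    case "$resolved" in
        "$STORE_PREFIX"/*) echo "store $resolved" ;;
        *) echo "host $resolved"; exit 1 ;;
    esac
)

# Audit the current shell: list host directories still on PATH, then check
# one command (default: mutt, the binary from the report above).
host_path_entries "$PATH"
check_command "${1:-mutt}" "$PATH" || true
```

Running it inside the dev shell with and without `-i` shows which host directories remain on PATH in each case.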