Is there any way to mark a package as not being compatible with sandboxing, such that Nix will produce a reasonable error instead of just having the build fail? I’m maintaining a package for macvim but it currently relies on the user’s Xcode install, which obviously breaks purity.
Check the Nix manual for the __noChroot attribute. It requires configuring Nix to have sandbox = "relaxed" or sandbox = false.
2 Likes
Ok, and if sandbox is strict and I try to build a package with that, it will give a reasonable error? I’ll look into it, thanks.
some hacky hack to detect “sanboxing” during eval: read /etc/nix/nix.conf and look for sandbox = false. If it is absent, then it is on. Maybe some conditional on Nix version (builtins.nixVersion) is reaquired to correctly determine when was default changed.
nix-repl> builtins.match ".*sandbox[ ]*=[ ]*false.*" (builtins.readFile "/etc/nix/nix.conf") != []
true
Looks like __noChroot is good. I just added it to macvim and built with sandboxing and got
these derivations will be built:
/nix/store/1y84qyjdbdjwcsvzlx4c0pw0wxi5zfmd-macvim-8.1.1722.drv
error: derivation '/nix/store/1y84qyjdbdjwcsvzlx4c0pw0wxi5zfmd-macvim-8.1.1722.drv' has '__noChroot' set, but that's not allowed when 'sandbox' is 'true'
1 Like
Seeing that I am happy pure evaluation mode exists 
2 Likes