Is there a way to mark a package as un-sandboxable?

Is there any way to mark a package as not being compatible with sandboxing, such that Nix will produce a reasonable error instead of just having the build fail? I’m maintaining a package for macvim but it currently relies on the user’s Xcode install, which obviously breaks purity.

Check the Nix manual for the __noChroot attribute. It requires configuring Nix to have sandbox = "relaxed" or sandbox = false.

2 Likes

Ok, and if sandbox is strict and I try to build a package with that, it will give a reasonable error? I’ll look into it, thanks.

some hacky hack to detect “sanboxing” during eval: read /etc/nix/nix.conf and look for sandbox = false. If it is absent, then it is on. Maybe some conditional on Nix version (builtins.nixVersion) is reaquired to correctly determine when was default changed.

nix-repl> builtins.match ".*sandbox[ ]*=[ ]*false.*" (builtins.readFile "/etc/nix/nix.conf") != []
true

Looks like __noChroot is good. I just added it to macvim and built with sandboxing and got

these derivations will be built:
  /nix/store/1y84qyjdbdjwcsvzlx4c0pw0wxi5zfmd-macvim-8.1.1722.drv
error: derivation '/nix/store/1y84qyjdbdjwcsvzlx4c0pw0wxi5zfmd-macvim-8.1.1722.drv' has '__noChroot' set, but that's not allowed when 'sandbox' is 'true'
1 Like

Seeing that I am happy pure evaluation mode exists :slight_smile:

2 Likes