Just saw this thread, and I’d add what I did here.
I had a setup* last year that builds (not just copying the store) from bootstrap all the way up to Emacs in an airgapped environment. Here’s what I did:
- Use
nix path-info --recursive --derivation <installable>to get the closure. - Use a script to filter the list of derivations to get the fixed-output derivations (by checking whether each derivation has
outputHashetc.) only. - Build the fixed-output derivations on a host that has Internet access.
- Copy the outputs of the fixed-output derivations to a local binary cache store by
nix copy --to file://<path>, which can then be transferred physically to the airgapped host to build the<installable>.
The Nix store surgery is definitely relying on the implementation details. It was doable with the tools that we already have, but I’d definitely like it to be easier. I felt quite lucky when I learned that IFD is not allowed in Nixpkgs though, because otherwise this would be a much more difficult problem.
*: The whole setup was documented in my note, but it also involves other distractions e.g. it’s musl, it’s at a custom store location, and it’s on an outdated CentOS 6 machine with kernel 2.6.32.