I’m trying to build a derivation in pure evaluation mode to make sure that it will also work with Flakes and possibly on Hydra. So I made a test derivation which should definitely be pure:

default.nix

    derivation {
      name = "pure-eval-test";
      builder = ./builder.sh;
      system = "x86_64-linux";
    }

builder.sh

    #!/bin/sh
    echo "" > $out

However, running nix-build with pure evaluation turned on reports:

    $ nix-build --option pure-eval true default.nix
    error: --- RestrictedPathError --- nix-build
    access to path '/home/henri/default.nix' is forbidden in restricted mode

This is of course very pure, not even allowing the input file to be read, but I have the feeling that this sort of defeats the purpose. What am I doing wrong here?
Have you tried running it from a flake? It may actually work in a flake since the flake is uploaded to the store first and relative paths become relative to that store path. If not, putting toString in front of the path will probably fix it.
I know it’s an old post, but for future reference:
In pure evaluation mode, no file system access is allowed outside of the paths returned by fetch{Git,Mercurial,url,Tarball}. fetchGit and fetchMercurial accept a commit hash, while fetchurl and fetchTarball accept a sha256.
The easiest way to set it up would be to add your default.nix to a Git repo, make a commit, then use fetchGit with that specific commit. Example:
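
An added illustration of the commit-pinned setup described in the reply above; it is not the poster's own example, and the repository URL and commit hash are placeholders to replace with your own:

```nix
# Added example, not from the thread.
# Placeholders (constructed): the repository URL and the all-zero commit hash.
let
  # Pinned by full commit hash: the fetched content is fixed in advance, so
  # pure evaluation accepts the fetch and permits reads inside the store path
  # it returns.
  src = builtins.fetchGit {
    url = "https://example.org/your/repo.git";        # placeholder URL
    rev = "0000000000000000000000000000000000000000"; # placeholder commit hash
  };

  # Unpinned variant, left commented out: without `rev` the result depends on
  # what the remote points at right now, which pure evaluation rejects.
  # unpinned = builtins.fetchGit { url = "https://example.org/your/repo.git"; };
in
  # default.nix and the ./builder.sh it references are both resolved inside the
  # fetched store path, so nothing under /home is read during evaluation.
  import "${src}/default.nix"
```

Since a local file cannot be read in pure mode, the expression is passed to nix-build with `--expr` (`-E`) instead of as a file argument.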