If I try to investigate a working build with nix-shell, e.g.
$ nix-shell -A pkgs.openttd $ echo $out /nix/store/9kwby2bc06hr33jys9jla5knl1m7c631-openttd-1.9.2
This is the same
$ nix-build -A pkgs.openttd --dry-run these paths will be fetched (16.22 MiB download, 34.37 MiB unpacked): /nix/store/9kwby2bc06hr33jys9jla5knl1m7c631-openttd-1.9.2
What worries me is I’ll go into
nix-shell, mess up some stuff (impurely) and run e.g.
genericBuild which will interfere with existing files at
$out and break the closure.
$ nix-build -A pkgs.foo $ nix-shell -A pkgs.foo $ touch $out/new_file
Trying it out, it looks like I get “permission denied”, which is probably making it safe, but it means I can’t manually test-run
genericBuild (and if I put
chmods in my derivations might not be safe?)
Perhaps when running in the shell an extra dummy attribute could be set in the derivation so that the checksum is different?