Running `nix-shell` inside a derivation?

Suppose I have a project with shell.nix, is there a way I can write a derivation which runs some commands using nix-shell during building? Sandboxed nix builds would provide stronger isolation & reproducibility guarantees than nix-shell --pure.

I read that there’s a “recursive nix” feature now, but it seems to require nix unstable and flip on a feature flag. Is there a general way of doing this, instead of overriding certain phases manually in the shell.nix derivation? Thanks.

When you build a derivation, nix essentially does what `nix-shell` does with the packages defined in `*buildInputs` and a handful considered the stdenv if you use `stdenv.mkDerivation`. In fact, the derivation environment is further locked down with user namespaces.

I’m not sure what you’d like to achieve with this - can you give an example?

If you’d like to have an environment without the basic build utils then you can write a raw derivation by hand. Maybe read this nix pill on the topic: NixOS - Nix Pills
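As an added illustration of the answer above (not part of the original thread), one `default.nix` that declares the tool list once and exposes it both as a `mkShell` for `nix-shell` and as a derivation that runs the same commands inside the build sandbox; the package names and the `make test` step are placeholders for a real project.

```nix
# default.nix (added example; package list and commands are placeholders)
{ pkgs ? import <nixpkgs> {} }:
let
  # The tool set that `nix-shell` would put on PATH.
  tools = with pkgs; [ python3 gnumake ];
in rec {
  # `nix-shell -A shell` gives the interactive environment
  # (`--pure` drops most of the caller's environment, but not the filesystem).
  shell = pkgs.mkShell { buildInputs = tools; };

  # `nix-build -A build` runs the same commands as a sandboxed build:
  # with `sandbox = true` in nix.conf there is no network, no $HOME, and
  # only the declared inputs and `src` are visible to the build.
  build = pkgs.stdenv.mkDerivation {
    pname = "project-checks";
    version = "0.1";
    src = ./.;
    buildInputs = tools;
    # The commands you would otherwise type into the shell.
    buildPhase = ''
      python3 --version
      make test
    '';
    # A derivation must produce $out; record that the checks passed.
    installPhase = ''
      mkdir -p $out
      echo ok > $out/result
    '';
  };
}
```

Keeping `tools` in one place means the interactive shell and the sandboxed build cannot drift apart in what they have on PATH.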