But I’ve also found that its scripts also use grep, sed, awk, stat, cp, mv, rm, cat, getopt, column, etc.
Should then gnugrep, gnused, gawk, coreutils and unixtools.getopt added to buildInputs
and also to wrapProgram? Or they are so common that they are expected to be present in the system?
If the build process doesn’t pick these up and adds their full paths to the final binary (or script), then they should be wrapped too. These programs may be in a typical PATH, but it is still an impurity – the program relies on a certain external state to be present. This may not always be the case, e.g. when a program is run in a sandbox or packaged in a Docker container.
Another comment (without looking at the derivation or knowing quilt), but if perl, bash, diffutils, etc. are only used in the wrapper, they do not have to be in buildInputs.
IDK I’d there is a policy but I prefer to pin all runtime dependencies. Especially because commands can be run from inside wrapped commands with a very spartan path.
I’ve found another case. fzf installs shell scripts that should be sourced by the shell. These scripts use perl, find, grep, sed, awk, cut, rm and ps, but only perl is patched:
Since these are scripts that are sourced by the shell, there is not executable to wrap with the proper paths, so that’s why it is patched directly in the file.
I would think that find, grep, sed, etc should also be patched with the proper store locations. Is it an oversight or the logic is that these are too common and more likely to be present in the system, so there is no need to pin them, they will be in the path.