(I posted this question as an issue here <https://github.com/NixOS/nix/issues/903>, before realizing its more of a mailing list question.)
I'm using the Haskell stack tool's nix integration, which launches everything through a nix-shell. Even running with --pure, nix-shell seems really impure compared to nix-build. It not only mounts directories, it sources the bashrc from the host system! Is there any way to lock down nix-shell more using current configuration options? If not, is there any plan to make nix-shell more pure? This is especially concerning because I thought that shebang lines with nix-shell were a great way to get reproducible scripts. But now I realize that those scripts are much more impure and less reproducible than I thought. Thanks, -Ryan Ryan R. Newton (812) 856-4205 Asst. Professor Indiana University - School of Informatics & Computing Lindley Hall 230H http://www.cs.indiana.edu/~rrnewton/
_______________________________________________ nix-dev mailing list [email protected] http://lists.science.uu.nl/mailman/listinfo/nix-dev
