Nix packaging, the heretic way

Submitted by Style Pass, 2022-07-06 08:30:04

One difficulty when using Nix is that it’s possible to hit a purity wall. A dependency is not in nixpkgs (yet), and you have to package it yourself. But the project does some impure things during the build. It’s using some esoteric language that doesn’t have a <lang>2nix tool yet.

And sometimes it’s hard to go to your customer/boss and tell them you have to spend the next 3 weeks doing “things right”(tm).

Luckily there is a workaround available, and this is why I’m writing this article: to show a quick but impure alternative that can be used in a pinch.

By default, derivations are built in a sandboxed environment that doesn’t allow them to use the network. This is one of the core features used to make builds more reproducible, and it is also one of the main reasons why an impure build would fail.

Adding __noChroot = true to a derivation turns off the sandbox selectively for that derivation. Note that all users also need to have sandbox = relaxed set in their nix.conf, or nixConfig.sandbox = "relaxed" in their flake.nix.
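The following derivation is an added example, not code from the original article, showing the opt-out together with the settings it depends on. The package name, URL and hash are placeholders, and the curl download stands in for whatever impure step the real build performs.

```nix
# default.nix (added example; name, URL and hash below are placeholders)
#
# Required on every machine that builds this derivation:
#   nix.conf:   sandbox = relaxed
#   flake.nix:  nixConfig.sandbox = "relaxed";
# With sandbox = true, Nix refuses to build a derivation that sets __noChroot.
{ pkgs ? import <nixpkgs> { } }:

pkgs.stdenv.mkDerivation {
  pname = "impure-example"; # hypothetical package
  version = "0.1.0";

  dontUnpack = true; # no local source, everything is fetched at build time

  # Turn the sandbox off for this derivation only. Every other derivation
  # in the closure is still built inside the sandbox.
  __noChroot = true;

  nativeBuildInputs = [ pkgs.curl ];

  # curl needs a CA bundle to verify TLS inside the build environment.
  SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";

  buildPhase = ''
    # This network access only works because the sandbox is off.
    curl --fail --location -o dep.tar.gz https://example.invalid/dep.tar.gz

    # Nothing pins the download once the sandbox is gone, so check it
    # against a known digest. Replace the placeholder with the real value.
    echo "<sha256-of-dep.tar.gz>  dep.tar.gz" | sha256sum -c -
  '';

  installPhase = ''
    mkdir -p $out
    cp dep.tar.gz $out/
  '';
}
```

With the sandbox off, the builder can also see the host filesystem, so the result can depend on whatever happens to be installed on the build machine.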
