Task description
I want to make sure that no derivation I install has no run-time dependency on specified set of derivation. If I ask nix-env
to install package that has such run-time dependency, I want it to say that I am asking for impossible. Build-dependencies are fine. I want to avoid huge cascade rebuilds, though.
In other words, I want to make sure that derivation with name = evil
never reaches my Nix store, but I am fine that it was used to build other derivations on Hydra. Here is what I tried:
Failed attempt: use derivation meta
attribute
self: super: {
evil = super.evil // { meta.broken = True; };
}
but this makes nix-env
to refuse install programs that has build-time dependencies on evil
, for example it refuses to install go
or haskell
programs (which are statically linked) because compiler has some transitive dependency on evil
.
Failed attempt: replace evil
with something harmless
I write overlay that replaces evil
:
self: super {
evil = super.harmless; # e.g super.busybox
}
it causes major cascade rebuild.
Random idea
If there is function, like this:
self: super: {
ghc = forget_about_dependencies_but_retain_hash_yes_I_know_what_I_Do [super.evil] super.ghc;
# same for rustc, go and other compilers that link statically.
}
that would be 90% solution for me.
It seems impossible to prevent some derivation from being in store, but it is possible to make sure profile does not contain run-time dependencies:
So, if you put all derivations you want in "world", you can be sure that
evil
andugly
are not in dependencies. But they will be downloaded into store to build "world", even if they are not actually used by any derivations inpaths
.