NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License

nix-shell uses hobbled bash in user PATH #26427

Open kojiromike opened 7 years ago

kojiromike commented 7 years ago

Issue description

nix-shell adds a bunch of paths to PATH. Among other things, the path for bash is not a healthy user bash, but one from /etc/nix/nix.conf build-sandbox-paths. That bash has many features disabled and is not usable by a regular user.

Steps to reproduce

  1. Look at your /etc/nix/nix.conf build-sandbox-paths for the path to bash.
  2. Look at your PATH - verify that the build-sandbox-paths bash is not in there.
  3. Enter a nix-shell.
  4. Look at your PATH again - verify that the build-sandbox-paths bash is in there.
  5. Run bash in your nix-shell.
  6. Check if the 'complete' command or other standard bash features are available.

Technical details

lheckemann commented 7 years ago

I think this is mostly desirable behaviour, as it will more accurately match the environment that derivations are built in. Is there a good reason you need to launch another bash instance within a nix-shell? You may want to consider using /run/current-system/sw/bin/bash instead of bash in such cases.

copumpkin commented 7 years ago

I think this ties into the usual "there are two reasons people want to run nix-shell" spiel: some people want to debug Nix derivations (probably even with accurate sandbox emulation if desired), and others just want a better virtualenv to do arbitrary things with an arbitrary set of packages in scope, ideally with customizable shells, completions, and various other user-friendly niceties that make no sense inside a derivation. I think @edolstra's work on a new Nix UI calls one nix shell and the other nix use but I haven't checked recently.

kojiromike commented 7 years ago

Indeed, my real default.nix is basically the one described in the contributors guide as how to mimic virtualenv.

On Tue, Jun 6, 2017 at 15:30 Daniel Peebles notifications@github.com wrote:

> I think this ties into the usual "there are two reasons people want to run nix-shell" spiel: some people want to debug Nix derivations (probably even with accurate sandbox emulation if desired), and others just want a better virtualenv to do arbitrary things with an arbitrary set of packages in scope, ideally with customizable shells, completions, and various other user-friendly niceties that make no sense inside a derivation. I think @edolstra https://github.com/edolstra's work on a new Nix UI calls one nix shell and the other nix use but I haven't checked recently.


lheckemann commented 7 years ago

Oh yes, of course you should be able to get a fully-functional bash by adding bashInteractive to the environment — I think it should take priority over stdenv's bash.

edolstra commented 7 years ago

nix-shell does not use bash from build-sandbox-paths. It uses $NIX_BUILD_SHELL from the caller's environment if set, and bash from $PATH otherwise. (That's $PATH from the caller's environment, unless the derivation has a PATH attribute, but that's rare.) So if the bash in your environment is an interactive bash, then that's what you should get.

kojiromike commented 7 years ago

It's not that nix-shell starts with the bad bash, but it still modifies PATH in such a way that that bash is on top. So any command that itself subs to bash gets the wrong bash.

$ type bash
bash is /run/current-system/sw/bin/bash
$ bash -c 'type complete'
complete is a shell builtin
$ grep fi3mbd /etc/nix/nix.conf
build-sandbox-paths =  /bin/sh=/nix/store/fi3mbd2ml4pbgzyasrlnp0wyy6qi48fh-bash-4.4-p5/bin/bash /nix/store/7crrmih8c52r8fbnqb933dxrsp44md93-glibc-2.25 /nix/store/fi3mbd2ml4pbgzyasrlnp0wyy6qi48fh-bash-4.4-p5
$ echo $PATH | grep -o fi3mbd || echo nope
nope
$ nix-shell
...
nix-shell $ echo $PATH | grep -o fi3mbd || echo nope
fi3mbd
fi3mbd
nix-shell $ type bash
bash is /nix/store/fi3mbd2ml4pbgzyasrlnp0wyy6qi48fh-bash-4.4-p5/bin/bash
nix-shell $ bash -c 'type complete'
bash: line 0: type: complete: not found

And my real-world problem:

nix-shell $ salt-run state.orch update.preprod
[WARNING ] Attempt to run a shell command with what may be an invalid shell! Check to ensure that the shell </nix/store/fi3mbd2ml4pbgzyasrlnp0wyy6qi48fh-bash-4.4-p5/bin/bash> is valid for this user.
[ERROR   ] Template was specified incorrectly: False
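
The manual check from the comment above, written as a reusable script. This is an added example, not part of the original thread or of Nix: the function names are hypothetical, the store hashes AAAA/BBBB/CCCC are constructed placeholders, and it assumes the `build-sandbox-paths = ...` line format quoted above.

```sh
#!/bin/sh
# Added example: find PATH entries that come from nix.conf build-sandbox-paths
# and check whether the bash that wins PATH lookup is the restricted one.

# Print the /nix/store/<hash>-<name> roots named in build-sandbox-paths.
# Entries are "target=source" or plain "source"; only the source side is kept.
sandbox_store_dirs() {
    grep -E '^[[:space:]]*build-sandbox-paths[[:space:]]*=' "$1" | tail -n 1 |
        cut -d= -f2- | tr -s '[:space:]' '\n' |
        sed -n 's|^\(.*=\)\{0,1\}\(/nix/store/[^/]\{1,\}\).*|\2|p' | sort -u
}

# Print "<position> <entry>" for each PATH entry inside a sandbox store dir.
# Position 1 is searched first, so a low number shadows everything after it.
sandbox_dirs_in_path() {
    printf '%s\n' "$2" | tr ':' '\n' |
        awk -v dirs="$(sandbox_store_dirs "$1" | tr '\n' ' ')" '
            BEGIN { n = split(dirs, d, " ") }
            { for (k = 1; k <= n; k++)
                  if (index($0 "/", d[k] "/") == 1) { print NR, $0; break } }'
}

# Print the first executable named bash found by walking PATH in order.
first_bash() (
    set -f; IFS=:
    for entry in $1; do
        if [ -x "$entry/bash" ]; then printf '%s\n' "$entry/bash"; exit 0; fi
    done
    exit 1
)

# True when the given bash lacks the "complete" builtin, the check used above.
is_hobbled() { ! "$1" -c 'type complete' >/dev/null 2>&1; }

# Constructed sample: store hashes AAAA/BBBB/CCCC are placeholders.
demo() {
    conf=$(mktemp)
    printf '%s\n' 'build-sandbox-paths = /bin/sh=/nix/store/AAAA-bash-4.4-p5/bin/bash /nix/store/BBBB-glibc-2.25 /nix/store/AAAA-bash-4.4-p5' >"$conf"
    sandbox_dirs_in_path "$conf" \
        '/nix/store/CCCC-coreutils/bin:/nix/store/AAAA-bash-4.4-p5/bin:/run/current-system/sw/bin'
    rm -f "$conf"
}
demo
```

On a real system, `sandbox_dirs_in_path /etc/nix/nix.conf "$PATH"` run inside and outside nix-shell shows the difference, and `is_hobbled "$(first_bash "$PATH")"` tells you which bash child processes will pick up.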

lheckemann commented 6 years ago

This is fixed with c94f3d5575d7af5403274d1e9e2f3c9d72989751 AFAIK. EDIT: No it isn't.

stale[bot] commented 4 years ago

Thank you for your contributions.

This has been automatically marked as stale because it has had no activity for 180 days.

If this is still important to you, we ask that you leave a comment below. Your comment can be as simple as "still important to me". This lets people see that at least one person still cares about this. Someone will have to do this at most twice a year if there is no other activity.

Here are suggestions that might help resolve this more quickly:

  1. Search for maintainers and people that previously touched the related code and @ mention them in a comment.
  2. Ask on the NixOS Discourse.
  3. Ask on the #nixos channel on irc.freenode.net.

bgamari commented 4 years ago

This is still important to me. nix-shell is currently quite painful to use as a development environment, despite this being the recommended workflow under NixOS.

tshakah commented 4 years ago

I just hit this as well whilst building an Elixir release - it is copying in the sandboxed bash path into all the generated files.

stale[bot] commented 3 years ago

I marked this as stale due to inactivity.