-
-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Description
Describe the bug
At times, Nix (or users) will call internal, vendored files (like <nix/fetchurl.nix> and <nix/derivation-internal.nix>) for various operations. However, these can be shadowed by entries into $NIX_PATH from the environment, which will completely break some functionality - especially if the nix path entry actually contains files of the same name, as then Nix won't fall back to its internal files
Steps To Reproduce
mkdir -p not-internal-nixecho 'assert false; "womp womp"' > not-internal-nix/fetchurl.nixNIX_PATH="nix=$PWD/not-internal-nix" nix-instantiate -E "import <nix/fetchurl.nix>"- Observe the following error:
error:
… while calling the 'import' builtin
at «string»:1:1:
1| import <nix/fetchurl.nix>
| ^
… while evaluating the file '/home/atlas/not-internal-nix/fetchurl.nix':
error: assertion 'false' failed
at /home/atlas/not-internal-nix/fetchurl.nix:1:1:
1| assert false; "womp womp"
| ^
2|
Expected behavior
Internal Nix files are always used and the names of my path entries don't (silently) cause this unattended consequence
A more specific idea I had was to maybe limit the "regular" lookup paths here (i.e., use certain characters or make a longer string that will make it basically impossible to have these kinds of conflicts, unlike the more plausible nix entry name). This obviously wouldn't work for internal files like <nix/fetchurl.nix> that are meant to be consumed though...so maybe we could special case those "public" ones? Or just not allow entry names named nix to at least avoid this footgun?
Metadata
nix (Nix) 2.32.0pre20250925_099a74e
Additional context
I came across this after adding this repository as an input to my flake. It has this small snippet to add all of my flake's inputs to the system registry and then map those inputs to $NIX_PATH entries, creating the nix entry. I then hit #14062, and @xokdvium was able to figure out the extent and reasoning for this issue while we talked on Matrix. Thanks! :)
Checklist
- checked latest Nix manual (source)
- checked open bug issues and pull requests for possible duplicates
Add 👍 to issues you find important.