- Output store paths are not writable, so the variables for outputs need to be overridden to writable paths.
- Other environment variables may be inconsistent with a `nix-build` either due to `nix-shell`'s initialization script or due to the use of `nix-shell` without the `--pure` option.
If the build fails differently inside the shell than in the sandbox, consider using [`breakpointHook`](#breakpointhook) and invoking `nix-build` instead.
The [`--keep-failed`](https://nixos.org/manual/nix/unstable/command-ref/conf-file#opt--keep-failed) option for `nix-build` may also be useful to examine the build directory of a failed build.
:::
## Tools provided by `stdenv` {#sec-tools-of-stdenv}
The standard environment provides the following packages:
- The GNU C Compiler, configured with C and C++ support.
- GNU coreutils (contains a few dozen standard Unix commands).
- GNU findutils (contains `find`).
- GNU diffutils (contains `diff`, `cmp`).
- GNU `sed`.
- GNU `grep`.
- GNU `awk`.
- GNU `tar`.
- `gzip`, `bzip2` and `xz`.
- GNU Make.
- Bash. This is the shell used for all builders in the Nix Packages collection. Not using `/bin/sh` removes a large source of portability problems.
- The `patch` command.
On Linux, `stdenv` also includes the `patchelf` utility.
## Specifying dependencies {#ssec-stdenv-dependencies}
Build systems often require more dependencies than just what `stdenv` provides. This section describes attributes accepted by `stdenv.mkDerivation` that can be used to make these dependencies available to the build system.
### Overview {#ssec-stdenv-dependencies-overview}
A full reference of the different kinds of dependencies is provided in [](#ssec-stdenv-dependencies-reference), but here is an overview of the most common ones.
It should cover most use cases.
Add dependencies to `nativeBuildInputs` if they are executed during the build:
- those which are needed on `$PATH` during the build, for example `cmake` and `pkg-config`
- [setup hooks](#ssec-setup-hooks), for example [`makeWrapper`](#fun-makeWrapper)
- interpreters needed by [`patchShebangs`](#patch-shebangs.sh) for build scripts (with the `--build` flag), which can be the case for e.g. `perl`
Add dependencies to `buildInputs` if they will end up copied or linked into the final output or otherwise used at runtime:
- libraries used by compilers, for example `zlib`,
- interpreters needed by [`patchShebangs`](#patch-shebangs.sh) for scripts which are installed, which can be the case for e.g. `perl`
::: {.note}
These criteria are independent.
For example, software using Wayland usually needs the `wayland` library at runtime, so `wayland` should be added to `buildInputs`.
But it also executes the `wayland-scanner` program as part of the build to generate code, so `wayland` should also be added to `nativeBuildInputs`.
:::
Dependencies needed only to run tests are similarly classified between native (executed during build) and non-native (executed at runtime):
- `nativeCheckInputs` for test tools needed on `$PATH` (such as `ctest`) and [setup hooks](#ssec-setup-hooks) (for example [`pytestCheckHook`](#python))
- `checkInputs` for libraries linked into test executables (for example the `qcheck` OCaml package)
These dependencies are only injected when [`doCheck`](#var-stdenv-doCheck) is set to `true`.
#### Example {#ssec-stdenv-dependencies-overview-example}
Consider for example this simplified derivation for `solo5`, a sandboxing tool:
```nix
stdenv.mkDerivation (finalAttrs: {
pname = "solo5";
version = "0.7.5";
src = fetchurl {
url = "https://github.com/Solo5/solo5/releases/download/v${finalAttrs.version}/solo5-v${finalAttrs.version}.tar.gz";
hash = "sha256-viwrS9lnaU8sTGuzK/+L/PlMM/xRRtgVuK5pixVeDEw=";
};
nativeBuildInputs = [
makeWrapper
pkg-config
];
buildInputs = [ libseccomp ];
postInstall = ''
substituteInPlace $out/bin/solo5-virtio-mkimage \
--replace-fail "/usr/lib/syslinux" "${syslinux}/share/syslinux" \
--replace-fail "/usr/share/syslinux" "${syslinux}/share/syslinux" \