# HG changeset patch
# User Martin Bornhold <martin@rhodecode.com>
# Date 2016-10-13 12:04:23
# Node ID 980afc58bb929ab558fa0567cd9e3982cab5ab19
# Parent  90c96324d870a6c22669cb2f8515f8877e43bf60

nix: Use --set instead of --prefix for setting the PATH / PYTHONPATH

Using --set will not append the system PATH / PYTHONPATH to the
environment variable during wraping of executables. This will "lock-out"
programs and python modules from the system and only allow the ones
which are set during wrapping.

This means e.g. of git we make only our custom git available and
if thats missing we get an error instead of silently using the system
git (if installed)

diff --git a/default.nix b/default.nix
--- a/default.nix
+++ b/default.nix
@@ -112,7 +112,7 @@ let
         cp -v vcsserver/VERSION $out/nix-support/rccontrol/version
         echo "DONE: Meta information for rccontrol written"
 
-        ln -s ${self.pyramid}/bin/* $out/bin  #*/
+        ln -s ${self.pyramid}/bin/* $out/bin/
         ln -s ${self.gunicorn}/bin/gunicorn $out/bin/
 
         # Symlink version control utilities
@@ -124,9 +124,10 @@ let
         ln -s ${self.mercurial}/bin/hg $out/bin
         ln -s ${pkgs.subversion}/bin/svn* $out/bin
 
-        for file in $out/bin/*; do  #*/
+        for file in $out/bin/*; do
           wrapProgram $file \
-            --prefix PYTHONPATH : $PYTHONPATH \
+            --set PATH $PATH \
+            --set PYTHONPATH $PYTHONPATH \
             --set PYTHONHASHSEED random
         done
       '';