nix: fix removing user Nix profiles from PATH (#220)

When launching a devbox shell, we filter out any Nix user profiles from
the PATH (i.e., ~/.nix-profile). This fixes a couple of bugs with how we
determine if a PATH directory matches a Nix profile:

1. The `strings.HasPrefix("/Users", profileDir)` call is backwards.
2. Checking for `/Users` is macOS-specific and won't work on Linux.
Instead, check if the directory starts with `/nix` to determine if it's
the default system profile.

Author: gcurtis

nix/shell.go

@@ -370,7 +370,8 @@ func splitNixList(s string) []string {
 //
 //  1. Applies filepath.Clean.
 //  2. Removes the path if it's relative (must begin with '/' and not be '.').
-//  3. Removes the path if it's a descendant of a Nix profile directory.
+//  3. Removes the path if it's a descendant of a user Nix profile directory
+//     (the default Nix profile is kept).
 func cleanEnvPath(pathEnv string, nixProfileDirs []string) string {
 	split := filepath.SplitList(pathEnv)
 	if len(split) == 0 {
@@ -387,11 +388,14 @@ func cleanEnvPath(pathEnv string, nixProfileDirs []string) string {
 
 		keep := true
 		for _, profileDir := range nixProfileDirs {
-			// nixProfileDirs may be of the form: /nix/var/nix/profile/default or /Users/<username>/.nix-profile
-			// We want to keep the former, so that nix tools are available inside the shell.
-			// We want to filter out the latter, so that installed nix packages are not auto-included inside the shell.
-			//    This lets us maintain a veneer of pureness.
-			if strings.HasPrefix(path, profileDir) && strings.HasPrefix("/Users", profileDir) {
+			// nixProfileDirs may be of the form: /nix/var/nix/profile/default or
+			// $HOME/.nix-profile. The former contains Nix itself (nix-store, nix-env,
+			// etc.), which we want to keep so it's available in the shell. The latter
+			// contains programs that the user installed with Nix, which we want to filter
+			// out so that only devbox-managed Nix packages are available.
+			isProfileDir := strings.HasPrefix(path, profileDir)
+			isSystemProfile := strings.HasPrefix(profileDir, "/nix")
+			if isProfileDir && !isSystemProfile {
 				keep = false
 				break
 			}

nix/shell_test.go

@@ -89,3 +89,45 @@ If the new shellrc is correct, you can update the golden file with:
 		})
 	}
 }
+
+func TestCleanEnvPath(t *testing.T) {
+	tests := []struct {
+		name        string
+		nixProfiles []string
+		inPath      string
+		outPath     string
+	}{
+		{
+			name:        "RemoveUserNixProfileDarwin",
+			nixProfiles: []string{"/nix/var/nix/profiles/default", "/Users/test/.nix-profile"},
+			inPath:      "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Users/test/.nix-profile/bin:/nix/var/nix/profiles/default/bin",
+			outPath:     "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/nix/var/nix/profiles/default/bin",
+		},
+		{
+			name:        "RemoveUserNixProfileLinux",
+			nixProfiles: []string{"/nix/var/nix/profiles/default", "/home/test/.nix-profile"},
+			inPath:      "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/home/test/.nix-profile/bin:/nix/var/nix/profiles/default/bin",
+			outPath:     "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/nix/var/nix/profiles/default/bin",
+		},
+		{
+			name:        "NoNixProfiles",
+			nixProfiles: []string{},
+			inPath:      "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/home/test/.nix-profile/bin:/nix/var/nix/profiles/default/bin",
+			outPath:     "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/home/test/.nix-profile/bin:/nix/var/nix/profiles/default/bin",
+		},
+		{
+			name:        "NoRelativePaths",
+			nixProfiles: []string{},
+			inPath:      "/usr/local/bin:/usr/bin:../test:/bin:/usr/sbin:/sbin:.:..",
+			outPath:     "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin",
+		},
+	}
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			got := cleanEnvPath(test.inPath, test.nixProfiles)
+			if got != test.outPath {
+				t.Errorf("Got incorrect cleaned PATH.\ngot:  %s\nwant: %s", got, test.outPath)
+			}
+		})
+	}
+}