Is it possible to let Nix Package Manager to install runtime dependencies only?

Question

I am currently building some docker images.

I found that the Linux distribution I was using was hard to adapt to Docker multi-stage builds until I found Nix.

With Nix, I can copy files among images (COPY --from=source/image /nix/store /nix/store) without worrying about conflicts and breaking things.

But I found that it installed too many things after running nix-env -i curl command.

warning: there are multiple derivations named 'curl-7.60.0'; using the first one
installing 'curl-7.60.0'
these paths will be fetched (49.44 MiB download, 203.64 MiB unpacked):
  /nix/store/0yaiablzxhd8ki5qan156ydz78grlav7-nghttp2-1.32.0-bin
  /nix/store/0zvcf4dnlcd4bk84qmxcxm1pbc534chv-openssl-1.0.2o-bin
  /nix/store/3xvnr0y2mx7g8b796rb9p77bjfbaw03h-linux-headers-4.15
  /nix/store/4bikvz91b83sycavf35lmby65m6zxgch-libssh2-1.8.0-dev
  /nix/store/504vcw350rp1yh31razv0mq2vsgp0izh-libkrb5-1.15.2-dev
  /nix/store/5gzy6cacylfb0lha2yd0i0as0k1d0d5v-libev-4.24
  /nix/store/5xnniwzazzlg6qinhrwammxxwsq5c1di-nghttp2-1.32.0-dev
  /nix/store/7l1smzwil1kxyyfayzl6lg1hw9m4iwmw-nghttp2-1.32.0
  /nix/store/8zkg9ac4s4alzyf4a8kfrig1j73z66dw-bash-4.4-p23
  /nix/store/93ljbaqhsipwamcn1acrv94jm6rjpcnd-acl-2.2.52
  /nix/store/dgp8mnf40pmwh8ghpcfda1vcwcy34w6z-curl-7.60.0-devdoc
  /nix/store/gbddfvxzjjqpgkr17whn8ynh9z8afz8l-curl-7.60.0-debug
  /nix/store/imfm3gk3qchmyv7684pjpm8irvkdrrkk-gcc-7.3.0
  /nix/store/jg9yh6cm4iwcpl4l18g7mr9y7sdwav5q-curl-7.60.0-dev
  /nix/store/jsmnk16iwb9xrm3c6jv2fyxkh7xr7q3j-curl-7.60.0-man
  /nix/store/lyd89mv72m8a0aw1a4idfimyi0rb2b13-glibc-2.27-dev
  /nix/store/n7qp8pffvcb5ff52l2nrc3g2wvxfrk75-coreutils-8.29
  /nix/store/pa4q0szxz23bd6srry91gmw08fmwgfw2-libkrb5-1.15.2
  /nix/store/q239yikz665n4a5rff7rg2vc7jpay6xb-openssl-1.0.2o-dev
  /nix/store/rmq6gnybmxxzpssj3s63sfjivlq4inrm-attr-2.4.47
  /nix/store/szdi35clpzj13c8dhfzh55fj6hk0z8j6-glibc-2.27-bin
  /nix/store/v5xh3glylamhfg586hcykn6hlk4n41dh-nghttp2-1.32.0-lib
  /nix/store/vawc9a89l53mf05yq0k1910q7dakd99w-perl-5.24.3
  /nix/store/vl5k9m1pjkd6cm9125afic1kj06y4i6b-curl-7.60.0-bin
  /nix/store/y8cfvcvya61l260jil989lcmkia5b5gh-zlib-1.2.11-dev
  /nix/store/z4k2pbdd8pz9mjc0p5394j0zp435fcc5-curl-7.60.0

It is important to keep docker images slim and I do not think curl need dependencies like gcc or linux-headers at runtime.

Is there a way for Nix to exclude the dependencies of these source or dev libraries?

Answer 1

Build dependencies become runtime dependencies whenever a path name to the build dependency is included in the package. This is necessary because there is no general way to tell whether such a reference is actually used by a program.

The best way to avoid having build dependencies in your closures is by not referencing them in the first place. The next best thing is to understand why the reference is there and, if safe, modify the package build script to remove the reference.

In order to figure out where these references come from, you can make use of the Nix 2.0 nix why-depends command. It will tell you the shortest path, or all paths that lead from the first argument package to the second argument package. You can also use store paths instead of the attribute paths in the examples of nix why-depends --help.

The method for removing the dependency depends on the referencing package, so there's no general formula for that. General hacks to remove the reference in unsafe ways exist, but they are probably not worth the risk.