Loading pkgs/by-name/op/openclaw/package.nix +12 −6 Original line number Diff line number Diff line Loading @@ -11,7 +11,7 @@ versionCheckHook, rolldown, installShellFiles, version ? "2026.4.21", version ? "2026.4.22", }: stdenvNoCC.mkDerivation (finalAttrs: { pname = "openclaw"; Loading @@ -21,10 +21,10 @@ stdenvNoCC.mkDerivation (finalAttrs: { owner = "openclaw"; repo = "openclaw"; tag = "v${finalAttrs.version}"; hash = "sha256-K1Pl9lXzGKfoq/fXWxYX5PoY3IBzJr0PPstUDGET/gs="; hash = "sha256-BB+stGBDgMRAPHrVWJS2dFRjw2WrVrFdVf/23Tq1UeA="; }; pnpmDepsHash = "sha256-FDajXHs4s0+QDRPq4ZxQWWW9rqeSJVYACAl/5Mw2Agc="; pnpmDepsHash = "sha256-z45mB/w7sorAE3CTliDpvMm9eq+/l9L/mmhYJt0t9O4="; pnpmDeps = fetchPnpmDeps { inherit (finalAttrs) pname version src; Loading Loading @@ -78,6 +78,7 @@ stdenvNoCC.mkDerivation (finalAttrs: { pluginDir, pruneConfig, repoRoot, stampPath, }) ) { continue; Loading @@ -90,6 +91,7 @@ stdenvNoCC.mkDerivation (finalAttrs: { pluginDir, pruneConfig, repoRoot, stampPath, }) ) { continue; Loading Loading @@ -135,9 +137,9 @@ stdenvNoCC.mkDerivation (finalAttrs: { in '' installShellCompletion --cmd openclaw \ --bash <(${emulator} $out/bin/openclaw completion --shell bash) \ --fish <(${emulator} $out/bin/openclaw completion --shell fish) \ --zsh <(${emulator} $out/bin/openclaw completion --shell zsh) --bash <(OPENCLAW_SKIP_PLUGIN_CLI=1 ${emulator} $out/bin/openclaw completion --shell bash) \ --fish <(OPENCLAW_SKIP_PLUGIN_CLI=1 ${emulator} $out/bin/openclaw completion --shell fish) \ --zsh <(OPENCLAW_SKIP_PLUGIN_CLI=1 ${emulator} $out/bin/openclaw completion --shell zsh) '' ); Loading @@ -146,6 +148,10 @@ stdenvNoCC.mkDerivation (finalAttrs: { passthru.updateScript = ./update.sh; patches = [ ./skip-bundled-runtime-install.patch ]; meta = { description = "Self-hosted, open-source AI assistant/agent"; longDescription = '' Loading pkgs/by-name/op/openclaw/skip-bundled-runtime-install.patch 0 → 100644 +17 −0 Original line number Diff line number Diff line diff --git a/src/plugins/bundled-runtime-deps.ts b/src/plugins/bundled-runtime-deps.ts index 5dca7aa..fac598b 100644 --- a/src/plugins/bundled-runtime-deps.ts +++ b/src/plugins/bundled-runtime-deps.ts @@ -823,6 +823,12 @@ export function installBundledRuntimeDeps(params: { missingSpecs: string[]; env: NodeJS.ProcessEnv; }): void { + // Refuse to spawn `npm install` in environments that opt out (e.g. the Nix + // build sandbox). Bundled runtime deps are expected to already be staged by + // the package build; a runtime install would require network access. + if (params.env.OPENCLAW_SKIP_PLUGIN_CLI === "1") { + throw new Error("bundled runtime deps install skipped (OPENCLAW_SKIP_PLUGIN_CLI=1)"); + } const installExecutionRoot = params.installExecutionRoot ?? params.installRoot; fs.mkdirSync(params.installRoot, { recursive: true }); fs.mkdirSync(installExecutionRoot, { recursive: true }); Loading
pkgs/by-name/op/openclaw/package.nix +12 −6 Original line number Diff line number Diff line Loading @@ -11,7 +11,7 @@ versionCheckHook, rolldown, installShellFiles, version ? "2026.4.21", version ? "2026.4.22", }: stdenvNoCC.mkDerivation (finalAttrs: { pname = "openclaw"; Loading @@ -21,10 +21,10 @@ stdenvNoCC.mkDerivation (finalAttrs: { owner = "openclaw"; repo = "openclaw"; tag = "v${finalAttrs.version}"; hash = "sha256-K1Pl9lXzGKfoq/fXWxYX5PoY3IBzJr0PPstUDGET/gs="; hash = "sha256-BB+stGBDgMRAPHrVWJS2dFRjw2WrVrFdVf/23Tq1UeA="; }; pnpmDepsHash = "sha256-FDajXHs4s0+QDRPq4ZxQWWW9rqeSJVYACAl/5Mw2Agc="; pnpmDepsHash = "sha256-z45mB/w7sorAE3CTliDpvMm9eq+/l9L/mmhYJt0t9O4="; pnpmDeps = fetchPnpmDeps { inherit (finalAttrs) pname version src; Loading Loading @@ -78,6 +78,7 @@ stdenvNoCC.mkDerivation (finalAttrs: { pluginDir, pruneConfig, repoRoot, stampPath, }) ) { continue; Loading @@ -90,6 +91,7 @@ stdenvNoCC.mkDerivation (finalAttrs: { pluginDir, pruneConfig, repoRoot, stampPath, }) ) { continue; Loading Loading @@ -135,9 +137,9 @@ stdenvNoCC.mkDerivation (finalAttrs: { in '' installShellCompletion --cmd openclaw \ --bash <(${emulator} $out/bin/openclaw completion --shell bash) \ --fish <(${emulator} $out/bin/openclaw completion --shell fish) \ --zsh <(${emulator} $out/bin/openclaw completion --shell zsh) --bash <(OPENCLAW_SKIP_PLUGIN_CLI=1 ${emulator} $out/bin/openclaw completion --shell bash) \ --fish <(OPENCLAW_SKIP_PLUGIN_CLI=1 ${emulator} $out/bin/openclaw completion --shell fish) \ --zsh <(OPENCLAW_SKIP_PLUGIN_CLI=1 ${emulator} $out/bin/openclaw completion --shell zsh) '' ); Loading @@ -146,6 +148,10 @@ stdenvNoCC.mkDerivation (finalAttrs: { passthru.updateScript = ./update.sh; patches = [ ./skip-bundled-runtime-install.patch ]; meta = { description = "Self-hosted, open-source AI assistant/agent"; longDescription = '' Loading
pkgs/by-name/op/openclaw/skip-bundled-runtime-install.patch 0 → 100644 +17 −0 Original line number Diff line number Diff line diff --git a/src/plugins/bundled-runtime-deps.ts b/src/plugins/bundled-runtime-deps.ts index 5dca7aa..fac598b 100644 --- a/src/plugins/bundled-runtime-deps.ts +++ b/src/plugins/bundled-runtime-deps.ts @@ -823,6 +823,12 @@ export function installBundledRuntimeDeps(params: { missingSpecs: string[]; env: NodeJS.ProcessEnv; }): void { + // Refuse to spawn `npm install` in environments that opt out (e.g. the Nix + // build sandbox). Bundled runtime deps are expected to already be staged by + // the package build; a runtime install would require network access. + if (params.env.OPENCLAW_SKIP_PLUGIN_CLI === "1") { + throw new Error("bundled runtime deps install skipped (OPENCLAW_SKIP_PLUGIN_CLI=1)"); + } const installExecutionRoot = params.installExecutionRoot ?? params.installRoot; fs.mkdirSync(params.installRoot, { recursive: true }); fs.mkdirSync(installExecutionRoot, { recursive: true });
