From 7879371bdc60fb228b2bcdec6a89f7a4ac64a379 Mon Sep 17 00:00:00 2001
From: Federico Cergol <imfede@users.noreply.github.com>
Date: Tue, 17 Sep 2024 17:11:33 +0200
Subject: [PATCH 1/3] fix: add `--impure` flag when calling print-dev-env

Signed-off-by: Federico Cergol <imfede@users.noreply.github.com>
---
 internal/nix/nix.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/nix/nix.go b/internal/nix/nix.go
index 7aed7ae9899..755e03cf85a 100644
--- a/internal/nix/nix.go
+++ b/internal/nix/nix.go
@@ -74,7 +74,7 @@ func (*Nix) PrintDevEnv(ctx context.Context, args *PrintDevEnvArgs) (*PrintDevEn
 	}
 
 	if len(data) == 0 {
-		cmd := command("print-dev-env", "--json",
+		cmd := command("print-dev-env", "--json", "--impure",
 			"path:"+flakeDirResolved,
 		)
 		slog.Debug("running print-dev-env cmd", "cmd", cmd)

From 38f046c5891da2d0e99e311f270ae4bd332aa225 Mon Sep 17 00:00:00 2001
From: Federico Cergol <fec@bendingspoons.com>
Date: Thu, 19 Sep 2024 10:38:47 +0200
Subject: [PATCH 2/3] feat: protect --impure behind feature flag

---
 internal/boxcli/featureflag/impure_print_dev_env.go | 12 ++++++++++++
 internal/nix/nix.go                                 |  7 ++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 internal/boxcli/featureflag/impure_print_dev_env.go

diff --git a/internal/boxcli/featureflag/impure_print_dev_env.go b/internal/boxcli/featureflag/impure_print_dev_env.go
new file mode 100644
index 00000000000..fc3744036aa
--- /dev/null
+++ b/internal/boxcli/featureflag/impure_print_dev_env.go
@@ -0,0 +1,12 @@
+// Copyright 2024 Jetify Inc. and contributors. All rights reserved.
+// Use of this source code is governed by the license in the LICENSE file.
+
+package featureflag
+
+// ImpurePrintDevEnv controls whether the `devbox print-dev-env` command
+// will be called with the `--impure` flag.
+// Using the `--impure` flag will have two consequences:
+//  1. All environment variables will be passed to nix, this will enable
+//     the usage of flakes that rely on environment variables.
+//  2. It will disable nix caching, making the command slower.
+var ImpurePrintDevEnv = disable("IMPURE_PRINT_DEV_ENV")
diff --git a/internal/nix/nix.go b/internal/nix/nix.go
index 755e03cf85a..cb15043955c 100644
--- a/internal/nix/nix.go
+++ b/internal/nix/nix.go
@@ -20,6 +20,7 @@ import (
 	"time"
 
 	"github.com/pkg/errors"
+	"go.jetpack.io/devbox/internal/boxcli/featureflag"
 	"go.jetpack.io/devbox/internal/boxcli/usererr"
 	"go.jetpack.io/devbox/internal/redact"
 	"golang.org/x/mod/semver"
@@ -74,7 +75,11 @@ func (*Nix) PrintDevEnv(ctx context.Context, args *PrintDevEnvArgs) (*PrintDevEn
 	}
 
 	if len(data) == 0 {
-		cmd := command("print-dev-env", "--json", "--impure",
+		optionalImpureFlag := ""
+		if featureflag.ImpurePrintDevEnv.Enabled() {
+			optionalImpureFlag = "--impure"
+		}
+		cmd := command("print-dev-env", "--json", optionalImpureFlag,
 			"path:"+flakeDirResolved,
 		)
 		slog.Debug("running print-dev-env cmd", "cmd", cmd)

From 579a37b3972fd357520eb422f8c6945618037115 Mon Sep 17 00:00:00 2001
From: Federico Cergol <fec@bendingspoons.com>
Date: Fri, 20 Sep 2024 15:50:45 +0200
Subject: [PATCH 3/3] fix: empty argument

---
 internal/nix/nix.go | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/internal/nix/nix.go b/internal/nix/nix.go
index cb15043955c..8104354f0eb 100644
--- a/internal/nix/nix.go
+++ b/internal/nix/nix.go
@@ -75,13 +75,11 @@ func (*Nix) PrintDevEnv(ctx context.Context, args *PrintDevEnvArgs) (*PrintDevEn
 	}
 
 	if len(data) == 0 {
-		optionalImpureFlag := ""
+		cmd := command("print-dev-env", "--json")
 		if featureflag.ImpurePrintDevEnv.Enabled() {
-			optionalImpureFlag = "--impure"
+			cmd.Args = append(cmd.Args, "--impure")
 		}
-		cmd := command("print-dev-env", "--json", optionalImpureFlag,
-			"path:"+flakeDirResolved,
-		)
+		cmd.Args = append(cmd.Args, "path:"+flakeDirResolved)
 		slog.Debug("running print-dev-env cmd", "cmd", cmd)
 		data, err = cmd.Output(ctx)
 		if insecure, insecureErr := IsExitErrorInsecurePackage(err, "" /*pkgName*/, "" /*installable*/); insecure {