writeShellApplication instead of writeShellScriptBin?

[n8henrie]

Would you consider a PR that replaces writeShellScriptBin with writeShellApplication?

For a security-focused package, having all the shell code automatically shellchecked might help eliminate potential bugs.

If not a good idea, I'd love to learn why (it certainly seems that writeShellScriptBin is more common in the wild).

[ryantm]

Yes. I have a pending PR that shellchecks it. #139

[n8henrie]

Glad to see it!

The substituteAll approach seems commonplace, but to a nix newbie certainly looks kludgy at first glance, and I don't really understand why writeShellApplication is not more common. As I'm sure you know it does little more than set some bash "safe-mode" settings (that agenix is already using, so could be removed), run shellcheck automatically (obviating the need for your effort that commit), and provide some PATH helpers (which would avoid the need to manually specify e.g. sedBin vs just sed).

It looks like you have over 4k commits to nixpkgs, so I'm sure none of this is news to you, and I'm not asking out of criticism just out of curiosity -- is there a reason you chose / people seem to use writeShellScriptBin over writeShellApplication?

[ryantm]

is there a reason you chose / people seem to use writeShellScriptBin over writeShellApplication?

It might be there mostly for backward compatible reasons.

4k commits to nixpkgs

A lot of my commits are automated version bumps before I moved those over to @r-ryantm, but yeah, I've been around the block a few times :)

I've merged #139 so I'm going to close this. I wrote some reasons why I choose to use mkDerivation there.