The `PYTHONNOUSERSITE` was exported to prevent impurities during
runtime. The downside of exporting environment variables is that they
always propagate all the way down the process tree, unless they are
explicitly unset at some point. Using the `-s` argument applies it only
to the process executed in the wrapper. That way, subprocesses are free
to do impure things.
This continues #23374, which always kept around both attributes, by
always including both propagated files: `propgated-native-build-inputs`
and `propagated-build-inputs`. `nativePkgs` and `crossPkgs` are still
defined as before, however, so this change should only barely
observable.
This is an incremental step to fully keeping the dependencies separate
in all cases.
Thus far all executables in a derivation were wrapped. This commit
only wraps executables in $out/bin. If other scripts need to be wrapped
as well, then one can use wrapPythonProgramsIn.
Frederik Rietdijk
John Ericson
Nikolay Amiantov