NixOS
flake: Bump nixpkgs to 25.11
Motivation
25.11 is out and we should follow suit.
Context
Add :+1: to pull requests you find important.
The Nix maintainer team uses a GitHub project board to schedule and track reviews.
Nixpkgs changed so that separateDebugInfo = true; and setting {dis,}allowed{References,Requisites} now requires __structuredAttrs = true;
When I tried to fix that by setting __structuredAttrs, we get an error about nix not being allowed to refer to store paths. I tracked this down to tests/nixos/functional/common.nix
system.extraDependencies = [
(inputDerivation config.nix.package)
];
The inputDerivation function is meant to strip disallowedReferences
# FIXME (roberth) reference issue
inputDerivation =
pkg:
(pkg.overrideAttrs (o: {
disallowedReferences = [ ];
})).inputDerivation;
It seems like this is no longer working. I am also seeing
structuredAttrs is incompatible with {dis,}allowed{References,Requisites} which seems possibly related, but doesn't seem to be triggering, as I'm not seeing those warnings.
Things I haven't been able to figure out:
- Why are we adding this to
extraDependencies? - Where does
disallowedReferencesget set to non-empty value to begin with?
This update also seems to make clangd dysfunctional. Still investingating...
I can reproduce the __structuredAttrs allowedReferences error with the following:
(pkgs.hello.overrideAttrs {
__structuredAttrs = true;
}).inputDerivation
This complains about the output not being allowed to refer to output paths.
I was suspicious of allowedReferences = null; in the implementation of inputDerivation, so I tried
let
__structuredAttrs = true;
in
derivation ({
inherit __structuredAttrs;
system = "x86_64-linux";
name = "test";
outputs = [ "out" ];
builder = pkgs.stdenv.shell;
args = [
"-c"
''
out="${placeholder "out"}"
echo "$out" > $out
''
];
} // (
let
sharedOutputChecks = {
allowedReferences = null;
};
in
if __structuredAttrs then
{
outputChecks.out = sharedOutputChecks;
}
else
sharedOutputChecks
)
)
And it does give the same error!
...But also it gives the same error when __structuredAttrs = false;, which hello.inputDerivation does not.
Created a Hydra jobset for this: https://hydra.nixos.org/jobset/nix/pr-14688
@Ericson2314
Error we're talking about:
$ nix build --file ci/gha/tests/wrapper.nix vmTests -L
warning: Git tree '/home/taeer/nix/feature' is dirty
nix> structuredAttrs is enabled
nix> Running phase: unpackPhase
nix> unpacking source archive /nix/store/8hn4d3fqrdm8m3xli82srl61cla558lz-source
nix> source root is source/./src/nix
nix> separate-debug-info: recording checksum of source files for debug support...
nix> Running phase: patchPhase
nix> Running phase: updateAutotoolsGnuConfigScriptsPhase
nix> Running phase: configurePhase
error: output '/nix/store/43hp1kmkmwrc4aj9mkg9jm21zpms5ml1-nix-2.33.0pre20251202_dirty' is not allowed to refer to the following paths:
/nix/store/43hp1kmkmwrc4aj9mkg9jm21zpms5ml1-nix-2.33.0pre20251202_dirty
/nix/store/8hn4d3fqrdm8m3xli82srl61cla558lz-source
/nix/store/8vdiwpbh0g4avsd6x5v4s0di32vcl3dp-pkg-config-wrapper-0.29.2
/nix/store/f8gicbns4hymkc8k82h6c1cnz4pjs7ip-meson-1.9.1
/nix/store/id7y5lqs2f0ncpgchv4sz0rdvigb1hr3-nix-main-2.33.0pre-dev
/nix/store/k3s2hp2b998y6kgnhh6776wlq1wq6cv8-nix-expr-2.33.0pre-dev
/nix/store/ki1dggqs72qp76wispii5mh5i5fc5pw5-nix-cmd-2.33.0pre-dev
/nix/store/l622p70vy8k5sh7y5wizi5f2mic6ynpg-source-stdenv.sh
/nix/store/nib1r4k4cqph7zjjnbfc1d6cbg11qr76-ninja-1.13.1
/nix/store/r989dk196nl9frhnfsa1lb7knhbyjxw6-separate-debug-info.sh
/nix/store/rlq03x4cwf8zn73hxaxnx0zn5q9kifls-bash-5.3p3
/nix/store/s3w5m3spa1g71hx0yb82lvk6394j3w5j-stdenv-linux
/nix/store/shkw4qm9qcw5sc5n1k5jznc83ny02r39-default-builder.sh
/nix/store/yd1gbn35z6h6wz6hqkg9xx1gndnp72x9-nix-store-2.33.0pre-dev
error: 1 dependencies of derivation '/nix/store/7pxcrn9lswxg48z1cn46lw4c60gpwiyi-nixos-system-machine-test.drv' failed to build
error: 1 dependencies of derivation '/nix/store/94hvbyr1xbd6fq32iq67ba0ky0k623ws-nixos-vm.drv' failed to build
error: 1 dependencies of derivation '/nix/store/x7j65f0f1vq24li4g4yd8wwris0kc72r-nixos-test-driver-functional-tests-on-nixos_user.drv' failed to build
error: 1 dependencies of derivation '/nix/store/3sab930sk1pj2cpzv8d05jmqkl64a8d6-vm-test-run-functional-tests-on-nixos_user.drv' failed to build
error: build of '/nix/store/3sab930sk1pj2cpzv8d05jmqkl64a8d6-vm-test-run-functional-tests-on-nixos_user.drv^out', '/nix/store/6h8a4fsm3n2n61788yk33x7n76yc0wch-vm-test-run-nix-docker.drv^out', '/nix/store/d9jf2ligw8hqjbl2ifm3jzm73gyijk6m-eval-nixos.drv^out', '/nix/store/nis2kpbldq3xwic2dpp64sdb80mcqv8b-vm-test-run-tarball-flakes.drv^out', '/nix/store/xb95cnp5vzp89gb6a39clq5y131yzgq5-vm-test-run-github-flakes.drv^out', '/nix/store/yjx3i08bw69bk6q2xj4svp4rml01aah6-vm-test-run-curl-s3-binary-cache-store.drv^out' failed
foo.nix
{
hello_structured_attrs_input_drv = (pkgs.hello.overrideAttrs {
__structuredAttrs = true;
}).inputDerivation;
hello_normal_input_drv = pkgs.hello.inputDerivation;
custom_structured_attrs = derivation {
__structuredAttrs = true;
system = "x86_64-linux";
name = "test";
outputs = [ "out" ];
builder = pkgs.stdenv.shell;
args = [
"-c"
''
out="${placeholder "out"}"
echo "$out" > $out
''
];
outputChecks.out = {
allowedReferences = null;
allowedRequisites = null;
disallowedReferences = [ ];
disallowedRequisites = [ ];
};
};
custom_normal = derivation {
system = "x86_64-linux";
name = "test";
outputs = [ "out" ];
builder = pkgs.stdenv.shell;
args = [
"-c"
''
out="${placeholder "out"}"
echo "$out" > $out
''
];
allowedReferences = null;
allowedRequisites = null;
disallowedReferences = [ ];
disallowedRequisites = [ ];
};
}
nix-build commands & output
$ nix-build ./foo.nix -A hello_structured_attrs_input_drv
this derivation will be built:
/nix/store/7hx8ppgiww8y85wn0m3lznaz82kjd09a-hello-2.12.2.drv
building '/nix/store/7hx8ppgiww8y85wn0m3lznaz82kjd09a-hello-2.12.2.drv'...
error: output '/nix/store/75swj9mcras6j1npnci3aaqqaq2dnnbr-hello-2.12.2' is not allowed to refer to the following paths:
/nix/store/75swj9mcras6j1npnci3aaqqaq2dnnbr-hello-2.12.2
/nix/store/dw402azxjrgrzrk6j0p66wkqrab5mwgw-hello-2.12.2.tar.gz
/nix/store/l622p70vy8k5sh7y5wizi5f2mic6ynpg-source-stdenv.sh
/nix/store/qfdf0si45105mh5576w07wgkb8i90hf1-version-check-hook
/nix/store/rlq03x4cwf8zn73hxaxnx0zn5q9kifls-bash-5.3p3
/nix/store/s3w5m3spa1g71hx0yb82lvk6394j3w5j-stdenv-linux
/nix/store/shkw4qm9qcw5sc5n1k5jznc83ny02r39-default-builder.sh
$ nix-build ./foo.nix -A hello_normal_input_drv
/nix/store/j7xc18fbkk8i9xpfsp0c818czny1na0s-hello-2.12.2
$ nix-build ./foo.nix -A custom_structured_attrs
this derivation will be built:
/nix/store/xgqlasy8s4nmyilpjw1ghp293vpgvg8s-test.drv
building '/nix/store/xgqlasy8s4nmyilpjw1ghp293vpgvg8s-test.drv'...
error: output '/nix/store/xwmj01zcqfk87xmnkxpac3s8g4kc1zhm-test' is not allowed to refer to the following paths:
/nix/store/xwmj01zcqfk87xmnkxpac3s8g4kc1zhm-test
$ nix-build ./foo.nix -A custom_normal
this derivation will be built:
/nix/store/j33g131zzl7ja9cks1zh5iw120bmxyhd-test.drv
building '/nix/store/j33g131zzl7ja9cks1zh5iw120bmxyhd-test.drv'...
error: output '/nix/store/0v155p1jr7kbqh4k8f0mf8pywvrry8mb-test' is not allowed to refer to the following paths:
/nix/store/0v155p1jr7kbqh4k8f0mf8pywvrry8mb-test
nix-instantiate commands & output
$ nix derivation show $(nix-instantiate ./foo.nix -A hello_structured_attrs_input_drv)
warning: you did not specify '--add-root'; the result might be removed by the garbage collector
{
"/nix/store/7hx8ppgiww8y85wn0m3lznaz82kjd09a-hello-2.12.2.drv": {
"args": [
"-c",
"out=\"/1rz4g4znpzjwh1xymhjpm42vipw92pr73vdgl6xs1hycac8kf2n9\"\nif [ -e \"$NIX_ATTRS_SH_FILE\" ]; then . \"$NIX_ATTRS_SH_FILE\"; fi\ndeclare -p > $out\nfor var in $passAsFile; do\n pathVar=\"${var}Path\"\n printf \"%s\" \"$(< \"${!pathVar}\")\" >> $out\ndone\n"
],
"builder": "/nix/store/rlq03x4cwf8zn73hxaxnx0zn5q9kifls-bash-5.3p3/bin/bash",
"env": {
"__json": "{\"_derivation_original_args\":[\"-e\",\"/nix/store/l622p70vy8k5sh7y5wizi5f2mic6ynpg-source-stdenv.sh\",\"/nix/store/shkw4qm9qcw5sc5n1k5jznc83ny02r39-default-builder.sh\"],\"_derivation_original_builder\":\"/nix/store/rlq03x4cwf8zn73hxaxnx0zn5q9kifls-bash-5.3p3/bin/bash\",\"buildInputs\":[],\"builder\":\"/nix/store/rlq03x4cwf8zn73hxaxnx0zn5q9kifls-bash-5.3p3/bin/bash\",\"cmakeFlags\":[],\"configureFlags\":[],\"depsBuildBuild\":[],\"depsBuildBuildPropagated\":[],\"depsBuildTarget\":[],\"depsBuildTargetPropagated\":[],\"depsHostHost\":[],\"depsHostHostPropagated\":[],\"depsTargetTarget\":[],\"depsTargetTargetPropagated\":[],\"doCheck\":true,\"doInstallCheck\":true,\"env\":{\"NIX_MAIN_PROGRAM\":\"hello\"},\"mesonFlags\":[],\"name\":\"hello-2.12.2\",\"nativeBuildInputs\":[\"/nix/store/qfdf0si45105mh5576w07wgkb8i90hf1-version-check-hook\"],\"outputChecks\":{\"out\":{\"allowedReferences\":null,\"allowedRequisites\":null,\"disallowedReferences\":[],\"disallowedRequisites\":[]}},\"outputs\":[\"out\"],\"patches\":[],\"pname\":\"hello\",\"postInstallCheck\":\"stat \\\"${!outputBin}/bin/hello\\\"\\n\",\"propagatedBuildInputs\":[],\"propagatedNativeBuildInputs\":[],\"src\":\"/nix/store/dw402azxjrgrzrk6j0p66wkqrab5mwgw-hello-2.12.2.tar.gz\",\"stdenv\":\"/nix/store/s3w5m3spa1g71hx0yb82lvk6394j3w5j-stdenv-linux\",\"strictDeps\":false,\"system\":\"x86_64-linux\",\"version\":\"2.12.2\"}",
"out": "/nix/store/75swj9mcras6j1npnci3aaqqaq2dnnbr-hello-2.12.2"
},
"inputDrvs": {
"/nix/store/2vkmd62i9mivyfj7ajvmjxiqdlpzvw0v-hello-2.12.2.tar.gz.drv": {
"dynamicOutputs": {},
"outputs": [
"out"
]
},
"/nix/store/dkd7x68qnzz99f3dvmf50ig8xwpvaax8-version-check-hook.drv": {
"dynamicOutputs": {},
"outputs": [
"out"
]
},
"/nix/store/pnjvpwgka59d6fwpp9fnz42ll2ai4ffm-stdenv-linux.drv": {
"dynamicOutputs": {},
"outputs": [
"out"
]
},
"/nix/store/vwmk63kc9sysjif65h7fdwnqr5h8jfm6-bash-5.3p3.drv": {
"dynamicOutputs": {},
"outputs": [
"out"
]
}
},
"inputSrcs": [
"/nix/store/l622p70vy8k5sh7y5wizi5f2mic6ynpg-source-stdenv.sh",
"/nix/store/shkw4qm9qcw5sc5n1k5jznc83ny02r39-default-builder.sh"
],
"name": "hello-2.12.2",
"outputs": {
"out": {
"path": "/nix/store/75swj9mcras6j1npnci3aaqqaq2dnnbr-hello-2.12.2"
}
},
"system": "x86_64-linux"
}
}
$ nix derivation show $(nix-instantiate ./foo.nix -A hello_normal_input_drv)
warning: you did not specify '--add-root'; the result might be removed by the garbage collector
{
"/nix/store/0yhch028f306a1fdpbn6x738dbi4g7aq-hello-2.12.2.drv": {
"args": [
"-c",
"out=\"/1rz4g4znpzjwh1xymhjpm42vipw92pr73vdgl6xs1hycac8kf2n9\"\nif [ -e \"$NIX_ATTRS_SH_FILE\" ]; then . \"$NIX_ATTRS_SH_FILE\"; fi\ndeclare -p > $out\nfor var in $passAsFile; do\n pathVar=\"${var}Path\"\n printf \"%s\" \"$(< \"${!pathVar}\")\" >> $out\ndone\n"
],
"builder": "/nix/store/rlq03x4cwf8zn73hxaxnx0zn5q9kifls-bash-5.3p3/bin/bash",
"env": {
"__structuredAttrs": "",
"_derivation_original_args": "-e /nix/store/l622p70vy8k5sh7y5wizi5f2mic6ynpg-source-stdenv.sh /nix/store/shkw4qm9qcw5sc5n1k5jznc83ny02r39-default-builder.sh",
"_derivation_original_builder": "/nix/store/rlq03x4cwf8zn73hxaxnx0zn5q9kifls-bash-5.3p3/bin/bash",
"buildInputs": "",
"builder": "/nix/store/rlq03x4cwf8zn73hxaxnx0zn5q9kifls-bash-5.3p3/bin/bash",
"cmakeFlags": "",
"configureFlags": "",
"depsBuildBuild": "",
"depsBuildBuildPropagated": "",
"depsBuildTarget": "",
"depsBuildTargetPropagated": "",
"depsHostHost": "",
"depsHostHostPropagated": "",
"depsTargetTarget": "",
"depsTargetTargetPropagated": "",
"disallowedReferences": "",
"disallowedRequisites": "",
"doCheck": "1",
"doInstallCheck": "1",
"mesonFlags": "",
"name": "hello-2.12.2",
"nativeBuildInputs": "/nix/store/qfdf0si45105mh5576w07wgkb8i90hf1-version-check-hook",
"out": "/nix/store/j7xc18fbkk8i9xpfsp0c818czny1na0s-hello-2.12.2",
"outputs": "out",
"patches": "",
"pname": "hello",
"postInstallCheck": "stat \"${!outputBin}/bin/hello\"\n",
"propagatedBuildInputs": "",
"propagatedNativeBuildInputs": "",
"src": "/nix/store/dw402azxjrgrzrk6j0p66wkqrab5mwgw-hello-2.12.2.tar.gz",
"stdenv": "/nix/store/s3w5m3spa1g71hx0yb82lvk6394j3w5j-stdenv-linux",
"strictDeps": "",
"system": "x86_64-linux",
"version": "2.12.2"
},
"inputDrvs": {
"/nix/store/2vkmd62i9mivyfj7ajvmjxiqdlpzvw0v-hello-2.12.2.tar.gz.drv": {
"dynamicOutputs": {},
"outputs": [
"out"
]
},
"/nix/store/dkd7x68qnzz99f3dvmf50ig8xwpvaax8-version-check-hook.drv": {
"dynamicOutputs": {},
"outputs": [
"out"
]
},
"/nix/store/pnjvpwgka59d6fwpp9fnz42ll2ai4ffm-stdenv-linux.drv": {
"dynamicOutputs": {},
"outputs": [
"out"
]
},
"/nix/store/vwmk63kc9sysjif65h7fdwnqr5h8jfm6-bash-5.3p3.drv": {
"dynamicOutputs": {},
"outputs": [
"out"
]
}
},
"inputSrcs": [
"/nix/store/l622p70vy8k5sh7y5wizi5f2mic6ynpg-source-stdenv.sh",
"/nix/store/shkw4qm9qcw5sc5n1k5jznc83ny02r39-default-builder.sh"
],
"name": "hello-2.12.2",
"outputs": {
"out": {
"path": "/nix/store/j7xc18fbkk8i9xpfsp0c818czny1na0s-hello-2.12.2"
}
},
"system": "x86_64-linux"
}
}
$ nix derivation show $(nix-instantiate ./foo.nix -A custom_structured_attrs)
warning: you did not specify '--add-root'; the result might be removed by the garbage collector
{
"/nix/store/xgqlasy8s4nmyilpjw1ghp293vpgvg8s-test.drv": {
"args": [
"-c",
"out=\"/1rz4g4znpzjwh1xymhjpm42vipw92pr73vdgl6xs1hycac8kf2n9\"\necho \"$out\" > $out\n"
],
"builder": "/nix/store/rlq03x4cwf8zn73hxaxnx0zn5q9kifls-bash-5.3p3/bin/bash",
"env": {
"__json": "{\"builder\":\"/nix/store/rlq03x4cwf8zn73hxaxnx0zn5q9kifls-bash-5.3p3/bin/bash\",\"name\":\"test\",\"outputChecks\":{\"out\":{\"allowedReferences\":null,\"allowedRequisites\":null,\"disallowedReferences\":[],\"disallowedRequisites\":[]}},\"outputs\":[\"out\"],\"system\":\"x86_64-linux\"}",
"out": "/nix/store/xwmj01zcqfk87xmnkxpac3s8g4kc1zhm-test"
},
"inputDrvs": {
"/nix/store/vwmk63kc9sysjif65h7fdwnqr5h8jfm6-bash-5.3p3.drv": {
"dynamicOutputs": {},
"outputs": [
"out"
]
}
},
"inputSrcs": [],
"name": "test",
"outputs": {
"out": {
"path": "/nix/store/xwmj01zcqfk87xmnkxpac3s8g4kc1zhm-test"
}
},
"system": "x86_64-linux"
}
}
$ nix derivation show $(nix-instantiate ./foo.nix -A custom_normal)
warning: you did not specify '--add-root'; the result might be removed by the garbage collector
{
"/nix/store/j33g131zzl7ja9cks1zh5iw120bmxyhd-test.drv": {
"args": [
"-c",
"out=\"/1rz4g4znpzjwh1xymhjpm42vipw92pr73vdgl6xs1hycac8kf2n9\"\necho \"$out\" > $out\n"
],
"builder": "/nix/store/rlq03x4cwf8zn73hxaxnx0zn5q9kifls-bash-5.3p3/bin/bash",
"env": {
"allowedReferences": "",
"allowedRequisites": "",
"builder": "/nix/store/rlq03x4cwf8zn73hxaxnx0zn5q9kifls-bash-5.3p3/bin/bash",
"disallowedReferences": "",
"disallowedRequisites": "",
"name": "test",
"out": "/nix/store/0v155p1jr7kbqh4k8f0mf8pywvrry8mb-test",
"outputs": "out",
"system": "x86_64-linux"
},
"inputDrvs": {
"/nix/store/vwmk63kc9sysjif65h7fdwnqr5h8jfm6-bash-5.3p3.drv": {
"dynamicOutputs": {},
"outputs": [
"out"
]
}
},
"inputSrcs": [],
"name": "test",
"outputs": {
"out": {
"path": "/nix/store/0v155p1jr7kbqh4k8f0mf8pywvrry8mb-test"
}
},
"system": "x86_64-linux"
}
}
Note that outputChecks.out.allowedReferences gets preserved as json and therefore the null value appears in the derivation.
By contrast allowedReferences either gets turned in to "" (in the case of custom_normal), or gets deleted altogether (in the case of hello_normal).
Adding __ignoreNulls = true; didn't change anything. Am I missing something?
Ooooooh. I was putting it in the wrong place.
In any case, __ignoreNulls = true; already gets set in mkDerivation! Which, incidentally, is why allowedReferences = null; was getting deleted from inputDerivation and not from my custom derviation!
But this also means that, apparently, it only applies to top-level attributes not to outputChecks.out.allowedReferences
I've temporarily switched us to github:nixos/nixpkgs/release-25.11 so we can test whether everything works before the channel catches up.
@Radvendii I think the remaining failures are due to incorrect versions for the "skip if daemon older than" conditions. It is not hard for this thing to happen.
I would guess that the functional test failures we have no were not succeeding before, but skipped before.
That makes sense for the #13247 test (should we open a new issue for that being broken?)
The other errors come from tests/functional/build.sh, and I can't reproduce it locally, even with daemon version 2.31.2 running. Am I holding it wrong? Do I need to do something specific to get the tests to run against the daemon?