Merge pull request #13787 from NixOS/mergify/bp/2.29-maintenance/pr-13785

flake: nixpkgs: nixos-unstable -> nixos-25.05-small (backport #13785)
2025-11-08 19:46:02 +01:00 · 2025-08-18 16:56:44 -04:00 · 2025-08-18 16:56:44 -04:00 · 9328af84d3
commit 9328af84d3
parent 2454267de0 2aba7ac90d
20 changed files with 231 additions and 224 deletions
--- a/.git-blame-ignore-revs
+++ b/.git-blame-ignore-revs
@ -1,2 +1,4 @@
 # bulk initial re-formatting with clang-format
 0e35cd6f3e27760976ead16fb45008ece0185aad # !autorebase ./maintainers/format.sh --until-stable
+# nixfmt 1.0.0
+d6aebd884790ae82c21ef2b58a010026ce757eaf # !autorebase ./maintainers/format.sh --until-stable
--- a/doc/manual/package.nix
+++ b/doc/manual/package.nix
@ -46,24 +46,23 @@ mkMesonDerivation (finalAttrs: {
  ];

  # Hack for sake of the dev shell
-  passthru.externalNativeBuildInputs =
-    [
-      meson
-      ninja
-      (lib.getBin lowdown-unsandboxed)
-      mdbook
-      mdbook-linkcheck
-      jq
-      python3
-      rsync
-      changelog-d
-    ]
-    ++ lib.optionals (!officialRelease) [
-      # When not an official release, we likely have changelog entries that have
-      # yet to be rendered.
-      # When released, these are rendered into a committed file to save a dependency.
-      changelog-d
-    ];
+  passthru.externalNativeBuildInputs = [
+    meson
+    ninja
+    (lib.getBin lowdown-unsandboxed)
+    mdbook
+    mdbook-linkcheck
+    jq
+    python3
+    rsync
+    changelog-d
+  ]
+  ++ lib.optionals (!officialRelease) [
+    # When not an official release, we likely have changelog entries that have
+    # yet to be rendered.
+    # When released, these are rendered into a committed file to save a dependency.
+    changelog-d
+  ];

  nativeBuildInputs = finalAttrs.passthru.externalNativeBuildInputs ++ [
    nix-cli
--- a/docker.nix
+++ b/docker.nix
@ -38,60 +38,58 @@ let
    ]
    ++ extraPkgs;

-  users =
-    {
+  users = {

-      root = {
-        uid = 0;
-        shell = "${pkgs.bashInteractive}/bin/bash";
-        home = "/root";
-        gid = 0;
-        groups = [ "root" ];
-        description = "System administrator";
-      };
-
-      nobody = {
-        uid = 65534;
-        shell = "${pkgs.shadow}/bin/nologin";
-        home = "/var/empty";
-        gid = 65534;
-        groups = [ "nobody" ];
-        description = "Unprivileged account (don't use!)";
-      };
-
-    }
-    // lib.optionalAttrs (uid != 0) {
-      "${uname}" = {
-        uid = uid;
-        shell = "${pkgs.bashInteractive}/bin/bash";
-        home = "/home/${uname}";
-        gid = gid;
-        groups = [ "${gname}" ];
-        description = "Nix user";
-      };
-    }
-    // lib.listToAttrs (
-      map (n: {
-        name = "nixbld${toString n}";
-        value = {
-          uid = 30000 + n;
-          gid = 30000;
-          groups = [ "nixbld" ];
-          description = "Nix build user ${toString n}";
-        };
-      }) (lib.lists.range 1 32)
-    );
-
-  groups =
-    {
-      root.gid = 0;
-      nixbld.gid = 30000;
-      nobody.gid = 65534;
-    }
-    // lib.optionalAttrs (gid != 0) {
-      "${gname}".gid = gid;
+    root = {
+      uid = 0;
+      shell = "${pkgs.bashInteractive}/bin/bash";
+      home = "/root";
+      gid = 0;
+      groups = [ "root" ];
+      description = "System administrator";
    };

+    nobody = {
+      uid = 65534;
+      shell = "${pkgs.shadow}/bin/nologin";
+      home = "/var/empty";
+      gid = 65534;
+      groups = [ "nobody" ];
+      description = "Unprivileged account (don't use!)";
+    };
+
+  }
+  // lib.optionalAttrs (uid != 0) {
+    "${uname}" = {
+      uid = uid;
+      shell = "${pkgs.bashInteractive}/bin/bash";
+      home = "/home/${uname}";
+      gid = gid;
+      groups = [ "${gname}" ];
+      description = "Nix user";
+    };
+  }
+  // lib.listToAttrs (
+    map (n: {
+      name = "nixbld${toString n}";
+      value = {
+        uid = 30000 + n;
+        gid = 30000;
+        groups = [ "nixbld" ];
+        description = "Nix build user ${toString n}";
+      };
+    }) (lib.lists.range 1 32)
+  );
+
+  groups = {
+    root.gid = 0;
+    nixbld.gid = 30000;
+    nobody.gid = 65534;
+  }
+  // lib.optionalAttrs (gid != 0) {
+    "${gname}".gid = gid;
+  };
+
  userToPasswd = (
    k:
    {
--- a/flake.lock
+++ b/flake.lock
@ -63,16 +63,16 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1747179050,
-        "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=",
+        "lastModified": 1755442223,
+        "narHash": "sha256-VtMQg02B3kt1oejwwrGn50U9Xbjgzfbb5TV5Wtx8dKI=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e",
+        "rev": "cd32a774ac52caaa03bcfc9e7591ac8c18617ced",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-unstable",
+        "ref": "nixos-25.05-small",
        "repo": "nixpkgs",
        "type": "github"
      }
--- a/flake.nix
+++ b/flake.nix
@ -1,7 +1,7 @@
 {
  description = "The purely functional package manager";

-  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05-small";

  inputs.nixpkgs-regression.url = "github:NixOS/nixpkgs/215d4d0fd80ca5163643b03a33fde804a29cc1e2";
  inputs.nixpkgs-23-11.url = "github:NixOS/nixpkgs/a62e6edd6d5e1fa0329b8653c801147986f8d446";
--- a/packaging/components.nix
+++ b/packaging/components.nix
@ -54,12 +54,12 @@ let
    preConfigure =
      prevAttrs.preConfigure or ""
      +
-        # Update the repo-global .version file.
-        # Symlink ./.version points there, but by default only workDir is writable.
-        ''
-          chmod u+w ./.version
-          echo ${finalAttrs.version} > ./.version
-        '';
+      # Update the repo-global .version file.
+      # Symlink ./.version points there, but by default only workDir is writable.
+      ''
+        chmod u+w ./.version
+        echo ${finalAttrs.version} > ./.version
+      '';
  };

  localSourceLayer =
@ -148,7 +148,8 @@ let
    nativeBuildInputs = [
      meson
      ninja
-    ] ++ prevAttrs.nativeBuildInputs or [ ];
+    ]
+    ++ prevAttrs.nativeBuildInputs or [ ];
    mesonCheckFlags = prevAttrs.mesonCheckFlags or [ ] ++ [
      "--print-errorlogs"
    ];
--- a/packaging/dev-shell.nix
+++ b/packaging/dev-shell.nix
@ -71,17 +71,16 @@ pkgs.nixComponents2.nix-util.overrideAttrs (
    # We use this shell with the local checkout, not unpackPhase.
    src = null;

-    env =
-      {
-        # For `make format`, to work without installing pre-commit
-        _NIX_PRE_COMMIT_HOOKS_CONFIG = "${(pkgs.formats.yaml { }).generate "pre-commit-config.yaml"
-          modular.pre-commit.settings.rawConfig
-        }";
-      }
-      // lib.optionalAttrs stdenv.hostPlatform.isLinux {
-        CC_LD = "mold";
-        CXX_LD = "mold";
-      };
+    env = {
+      # For `make format`, to work without installing pre-commit
+      _NIX_PRE_COMMIT_HOOKS_CONFIG = "${(pkgs.formats.yaml { }).generate "pre-commit-config.yaml"
+        modular.pre-commit.settings.rawConfig
+      }";
+    }
+    // lib.optionalAttrs stdenv.hostPlatform.isLinux {
+      CC_LD = "mold";
+      CXX_LD = "mold";
+    };

    mesonFlags =
      map (transformFlag "libutil") (ignoreCrossFile pkgs.nixComponents2.nix-util.mesonFlags)
--- a/packaging/everything.nix
+++ b/packaging/everything.nix
@ -47,25 +47,25 @@
 }:

 let
-  libs =
-    {
-      inherit
-        nix-util
-        nix-util-c
-        nix-store
-        nix-store-c
-        nix-fetchers
-        nix-fetchers-c
-        nix-expr
-        nix-expr-c
-        nix-flake
-        nix-flake-c
-        nix-main
-        nix-main-c
-        nix-cmd
-        ;
-    }
-    // lib.optionalAttrs
+  libs = {
+    inherit
+      nix-util
+      nix-util-c
+      nix-store
+      nix-store-c
+      nix-fetchers
+      nix-fetchers-c
+      nix-expr
+      nix-expr-c
+      nix-flake
+      nix-flake-c
+      nix-main
+      nix-main-c
+      nix-cmd
+      ;
+  }
+  //
+    lib.optionalAttrs
      (!stdenv.hostPlatform.isStatic && stdenv.buildPlatform.canExecute stdenv.hostPlatform)
      {
        # Currently fails in static build
@ -127,20 +127,19 @@ stdenv.mkDerivation (finalAttrs: {
  */
  dontFixup = true;

-  checkInputs =
-    [
-      # Make sure the unit tests have passed
-      nix-util-tests.tests.run
-      nix-store-tests.tests.run
-      nix-expr-tests.tests.run
-      nix-fetchers-tests.tests.run
-      nix-flake-tests.tests.run
+  checkInputs = [
+    # Make sure the unit tests have passed
+    nix-util-tests.tests.run
+    nix-store-tests.tests.run
+    nix-expr-tests.tests.run
+    nix-fetchers-tests.tests.run
+    nix-flake-tests.tests.run

-      # Make sure the functional tests have passed
-      nix-functional-tests
-    ]
-    ++ lib.optionals
-      (!stdenv.hostPlatform.isStatic && stdenv.buildPlatform.canExecute stdenv.hostPlatform)
+    # Make sure the functional tests have passed
+    nix-functional-tests
+  ]
+  ++
+    lib.optionals (!stdenv.hostPlatform.isStatic && stdenv.buildPlatform.canExecute stdenv.hostPlatform)
      [
        # Perl currently fails in static build
        # TODO: Split out tests into a separate derivation?
--- a/src/libcmd/package.nix
+++ b/src/libcmd/package.nix
@ -53,7 +53,8 @@ mkMesonLibrary (finalAttrs: {

  buildInputs = [
    ({ inherit editline readline; }.${readlineFlavor})
-  ] ++ lib.optional enableMarkdown lowdown;
+  ]
+  ++ lib.optional enableMarkdown lowdown;

  propagatedBuildInputs = [
    nix-util
--- a/src/libexpr/package.nix
+++ b/src/libexpr/package.nix
@ -70,13 +70,15 @@ mkMesonLibrary (finalAttrs: {
    nix-util
    nix-store
    nix-fetchers
-  ] ++ finalAttrs.passthru.externalPropagatedBuildInputs;
+  ]
+  ++ finalAttrs.passthru.externalPropagatedBuildInputs;

  # Hack for sake of the dev shell
  passthru.externalPropagatedBuildInputs = [
    boost
    nlohmann_json
-  ] ++ lib.optional enableGC boehmgc;
+  ]
+  ++ lib.optional enableGC boehmgc;

  mesonFlags = [
    (lib.mesonEnable "gc" enableGC)
--- a/src/libstore/package.nix
+++ b/src/libstore/package.nix
@ -58,30 +58,28 @@ mkMesonLibrary (finalAttrs: {

  nativeBuildInputs = lib.optional embeddedSandboxShell unixtools.hexdump;

-  buildInputs =
-    [
-      boost
-      curl
-      sqlite
-    ]
-    ++ lib.optional stdenv.hostPlatform.isLinux libseccomp
-    # There have been issues building these dependencies
-    ++ lib.optional stdenv.hostPlatform.isDarwin darwin.apple_sdk.libs.sandbox
-    ++ lib.optional withAWS aws-sdk-cpp;
+  buildInputs = [
+    boost
+    curl
+    sqlite
+  ]
+  ++ lib.optional stdenv.hostPlatform.isLinux libseccomp
+  # There have been issues building these dependencies
+  ++ lib.optional stdenv.hostPlatform.isDarwin darwin.apple_sdk.libs.sandbox
+  ++ lib.optional withAWS aws-sdk-cpp;

  propagatedBuildInputs = [
    nix-util
    nlohmann_json
  ];

-  mesonFlags =
-    [
-      (lib.mesonEnable "seccomp-sandboxing" stdenv.hostPlatform.isLinux)
-      (lib.mesonBool "embedded-sandbox-shell" embeddedSandboxShell)
-    ]
-    ++ lib.optionals stdenv.hostPlatform.isLinux [
-      (lib.mesonOption "sandbox-shell" "${busybox-sandbox-shell}/bin/busybox")
-    ];
+  mesonFlags = [
+    (lib.mesonEnable "seccomp-sandboxing" stdenv.hostPlatform.isLinux)
+    (lib.mesonBool "embedded-sandbox-shell" embeddedSandboxShell)
+  ]
+  ++ lib.optionals stdenv.hostPlatform.isLinux [
+    (lib.mesonOption "sandbox-shell" "${busybox-sandbox-shell}/bin/busybox")
+  ];

  meta = {
    platforms = lib.platforms.unix ++ lib.platforms.windows;
--- a/src/libutil/package.nix
+++ b/src/libutil/package.nix
@ -50,7 +50,8 @@ mkMesonLibrary (finalAttrs: {
    libblake3
    libsodium
    openssl
-  ] ++ lib.optional stdenv.hostPlatform.isx86_64 libcpuid;
+  ]
+  ++ lib.optional stdenv.hostPlatform.isx86_64 libcpuid;

  propagatedBuildInputs = [
    boost
--- a/src/perl/package.nix
+++ b/src/perl/package.nix
@ -45,7 +45,8 @@ perl.pkgs.toPerlModule (

    buildInputs = [
      nix-store
-    ] ++ finalAttrs.passthru.externalBuildInputs;
+    ]
+    ++ finalAttrs.passthru.externalBuildInputs;

    # Hack for sake of the dev shell
    passthru.externalBuildInputs = [
--- a/tests/functional/lang/eval-okay-attrnames.nix
+++ b/tests/functional/lang/eval-okay-attrnames.nix
@ -2,16 +2,15 @@ with import ./lib.nix;

 let

-  attrs =
-    {
-      y = "y";
-      x = "x";
-      foo = "foo";
-    }
-    // rec {
-      x = "newx";
-      bar = x;
-    };
+  attrs = {
+    y = "y";
+    x = "x";
+    foo = "foo";
+  }
+  // rec {
+    x = "newx";
+    bar = x;
+  };

  names = builtins.attrNames attrs;

--- a/tests/functional/lang/eval-okay-attrs.nix
+++ b/tests/functional/lang/eval-okay-attrs.nix
@ -1,15 +1,14 @@
 let {
-  as =
-    {
-      x = 123;
-      y = 456;
-    }
-    // {
-      z = 789;
-    }
-    // {
-      z = 987;
-    };
+  as = {
+    x = 123;
+    y = 456;
+  }
+  // {
+    z = 789;
+  }
+  // {
+    z = 987;
+  };

  body =
    if as ? a then
--- a/tests/functional/lang/eval-okay-attrs2.nix
+++ b/tests/functional/lang/eval-okay-attrs2.nix
@ -1,15 +1,14 @@
 let {
-  as =
-    {
-      x = 123;
-      y = 456;
-    }
-    // {
-      z = 789;
-    }
-    // {
-      z = 987;
-    };
+  as = {
+    x = 123;
+    y = 456;
+  }
+  // {
+    z = 789;
+  }
+  // {
+    z = 987;
+  };

  A = "a";
  Z = "z";
--- a/tests/functional/lang/eval-okay-import.nix
+++ b/tests/functional/lang/eval-okay-import.nix
@ -6,7 +6,8 @@ let
    scopedImport = attrs: fn: scopedImport (overrides // attrs) fn;

    builtins = builtins // overrides;
-  } // import ./lib.nix;
+  }
+  // import ./lib.nix;

 in
 scopedImport overrides ./imported.nix
--- a/tests/functional/nested-sandboxing/runner.nix
+++ b/tests/functional/nested-sandboxing/runner.nix
@ -6,32 +6,31 @@ mkDerivation {
  name = "nested-sandboxing";
  busybox = builtins.getEnv "busybox";
  EXTRA_SANDBOX = builtins.getEnv "EXTRA_SANDBOX";
-  buildCommand =
-    ''
-      set -x
-      set -eu -o pipefail
-    ''
-    + (
-      if altitude == 0 then
-        ''
-          echo Deep enough! > $out
-        ''
-      else
-        ''
-          cp -r ${../common} ./common
-          cp ${../common.sh} ./common.sh
-          cp ${../config.nix} ./config.nix
-          cp -r ${./.} ./nested-sandboxing
+  buildCommand = ''
+    set -x
+    set -eu -o pipefail
+  ''
+  + (
+    if altitude == 0 then
+      ''
+        echo Deep enough! > $out
+      ''
+    else
+      ''
+        cp -r ${../common} ./common
+        cp ${../common.sh} ./common.sh
+        cp ${../config.nix} ./config.nix
+        cp -r ${./.} ./nested-sandboxing

-          export PATH=${builtins.getEnv "NIX_BIN_DIR"}:$PATH
+        export PATH=${builtins.getEnv "NIX_BIN_DIR"}:$PATH

-          export _NIX_TEST_SOURCE_DIR=$PWD
-          export _NIX_TEST_BUILD_DIR=$PWD
+        export _NIX_TEST_SOURCE_DIR=$PWD
+        export _NIX_TEST_BUILD_DIR=$PWD

-          source common.sh
-          source ./nested-sandboxing/command.sh
+        source common.sh
+        source ./nested-sandboxing/command.sh

-          runNixBuild ${storeFun} ${toString altitude} >> $out
-        ''
-    );
+        runNixBuild ${storeFun} ${toString altitude} >> $out
+      ''
+  );
 }
--- a/tests/functional/package.nix
+++ b/tests/functional/package.nix
@ -47,26 +47,25 @@ mkMesonDerivation (
    ];

    # Hack for sake of the dev shell
-    passthru.externalNativeBuildInputs =
-      [
-        meson
-        ninja
-        pkg-config
+    passthru.externalNativeBuildInputs = [
+      meson
+      ninja
+      pkg-config

-        jq
-        git
-        mercurial
-        unixtools.script
-      ]
-      ++ lib.optionals stdenv.hostPlatform.isLinux [
-        # For various sandboxing tests that needs a statically-linked shell,
-        # etc.
-        busybox-sandbox-shell
-        # For Overlay FS tests need `mount`, `umount`, and `unshare`.
-        # For `script` command (ensuring a TTY)
-        # TODO use `unixtools` to be precise over which executables instead?
-        util-linux
-      ];
+      jq
+      git
+      mercurial
+      unixtools.script
+    ]
+    ++ lib.optionals stdenv.hostPlatform.isLinux [
+      # For various sandboxing tests that needs a statically-linked shell,
+      # etc.
+      busybox-sandbox-shell
+      # For Overlay FS tests need `mount`, `umount`, and `unshare`.
+      # For `script` command (ensuring a TTY)
+      # TODO use `unixtools` to be precise over which executables instead?
+      util-linux
+    ];

    nativeBuildInputs = finalAttrs.passthru.externalNativeBuildInputs ++ [
      nix-cli
--- a/tests/nixos/default.nix
+++ b/tests/nixos/default.nix
@ -77,7 +77,15 @@ let
    { lib, pkgs, ... }:
    {
      imports = [ checkOverrideNixVersion ];
-      nix.package = lib.mkForce pkgs.nixVersions.nix_2_3;
+      nix.package = lib.mkForce (
+        pkgs.nixVersions.nix_2_3.overrideAttrs (o: {
+          meta = o.meta // {
+            # This version shouldn't be used by end-users, but we run tests against
+            # it to ensure we don't break protocol compatibility.
+            knownVulnerabilities = [ ];
+          };
+        })
+      );
    };

  otherNixes.nix_2_13.setNixPackage =
@ -88,6 +96,8 @@ let
        nixpkgs-23-11.legacyPackages.${pkgs.stdenv.hostPlatform.system}.nixVersions.nix_2_13.overrideAttrs
          (o: {
            meta = o.meta // {
+              # This version shouldn't be used by end-users, but we run tests against
+              # it to ensure we don't break protocol compatibility.
              knownVulnerabilities = [ ];
            };
          })