Merge pull request #13787 from NixOS/mergify/bp/2.29-maintenance/pr-13785

flake: nixpkgs: nixos-unstable -> nixos-25.05-small (backport #13785)
2025-11-09 03:56:01 +01:00 · 2025-08-18 16:56:44 -04:00 · 2025-08-18 16:56:44 -04:00 · 9328af84d3
commit 9328af84d3
parent 2454267de0 2aba7ac90d
20 changed files with 231 additions and 224 deletions
--- a/.git-blame-ignore-revs
+++ b/.git-blame-ignore-revs
@ -1,2 +1,4 @@
 # bulk initial re-formatting with clang-format
 0e35cd6f3e27760976ead16fb45008ece0185aad # !autorebase ./maintainers/format.sh --until-stable
 # nixfmt 1.0.0
 d6aebd884790ae82c21ef2b58a010026ce757eaf # !autorebase ./maintainers/format.sh --until-stable
--- a/doc/manual/package.nix
+++ b/doc/manual/package.nix
@ -46,24 +46,23 @@ mkMesonDerivation (finalAttrs: {
  ];
  # Hack for sake of the dev shell
-  passthru.externalNativeBuildInputs =
+  passthru.externalNativeBuildInputs = [
-    [
+    meson
-      meson
+    ninja
-      ninja
+    (lib.getBin lowdown-unsandboxed)
-      (lib.getBin lowdown-unsandboxed)
+    mdbook
-      mdbook
+    mdbook-linkcheck
-      mdbook-linkcheck
+    jq
-      jq
+    python3
-      python3
+    rsync
-      rsync
+    changelog-d
-      changelog-d
+  ]
-    ]
+  ++ lib.optionals (!officialRelease) [
-    ++ lib.optionals (!officialRelease) [
+    # When not an official release, we likely have changelog entries that have
-      # When not an official release, we likely have changelog entries that have
+    # yet to be rendered.
-      # yet to be rendered.
+    # When released, these are rendered into a committed file to save a dependency.
-      # When released, these are rendered into a committed file to save a dependency.
+    changelog-d
-      changelog-d
+  ];
    ];
  nativeBuildInputs = finalAttrs.passthru.externalNativeBuildInputs ++ [
    nix-cli
--- a/docker.nix
+++ b/docker.nix
@ -38,60 +38,58 @@ let
    ]
    ++ extraPkgs;
-  users =
+  users = {
    {
-      root = {
+    root = {
-        uid = 0;
+      uid = 0;
-        shell = "${pkgs.bashInteractive}/bin/bash";
+      shell = "${pkgs.bashInteractive}/bin/bash";
-        home = "/root";
+      home = "/root";
-        gid = 0;
+      gid = 0;
-        groups = [ "root" ];
+      groups = [ "root" ];
-        description = "System administrator";
+      description = "System administrator";
      };
      nobody = {
        uid = 65534;
        shell = "${pkgs.shadow}/bin/nologin";
        home = "/var/empty";
        gid = 65534;
        groups = [ "nobody" ];
        description = "Unprivileged account (don't use!)";
      };
    }
    // lib.optionalAttrs (uid != 0) {
      "${uname}" = {
        uid = uid;
        shell = "${pkgs.bashInteractive}/bin/bash";
        home = "/home/${uname}";
        gid = gid;
        groups = [ "${gname}" ];
        description = "Nix user";
      };
    }
    // lib.listToAttrs (
      map (n: {
        name = "nixbld${toString n}";
        value = {
          uid = 30000 + n;
          gid = 30000;
          groups = [ "nixbld" ];
          description = "Nix build user ${toString n}";
        };
      }) (lib.lists.range 1 32)
    );
  groups =
    {
      root.gid = 0;
      nixbld.gid = 30000;
      nobody.gid = 65534;
    }
    // lib.optionalAttrs (gid != 0) {
      "${gname}".gid = gid;
    };
    nobody = {
      uid = 65534;
      shell = "${pkgs.shadow}/bin/nologin";
      home = "/var/empty";
      gid = 65534;
      groups = [ "nobody" ];
      description = "Unprivileged account (don't use!)";
    };
  }
  // lib.optionalAttrs (uid != 0) {
    "${uname}" = {
      uid = uid;
      shell = "${pkgs.bashInteractive}/bin/bash";
      home = "/home/${uname}";
      gid = gid;
      groups = [ "${gname}" ];
      description = "Nix user";
    };
  }
  // lib.listToAttrs (
    map (n: {
      name = "nixbld${toString n}";
      value = {
        uid = 30000 + n;
        gid = 30000;
        groups = [ "nixbld" ];
        description = "Nix build user ${toString n}";
      };
    }) (lib.lists.range 1 32)
  );
  groups = {
    root.gid = 0;
    nixbld.gid = 30000;
    nobody.gid = 65534;
  }
  // lib.optionalAttrs (gid != 0) {
    "${gname}".gid = gid;
  };
  userToPasswd = (
    k:
    {
--- a/flake.lock
+++ b/flake.lock
@ -63,16 +63,16 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1747179050,
+        "lastModified": 1755442223,
-        "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=",
+        "narHash": "sha256-VtMQg02B3kt1oejwwrGn50U9Xbjgzfbb5TV5Wtx8dKI=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e",
+        "rev": "cd32a774ac52caaa03bcfc9e7591ac8c18617ced",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-unstable",
+        "ref": "nixos-25.05-small",
        "repo": "nixpkgs",
        "type": "github"
      }
--- a/flake.nix
+++ b/flake.nix
@ -1,7 +1,7 @@
 {
  description = "The purely functional package manager";
-  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05-small";
  inputs.nixpkgs-regression.url = "github:NixOS/nixpkgs/215d4d0fd80ca5163643b03a33fde804a29cc1e2";
  inputs.nixpkgs-23-11.url = "github:NixOS/nixpkgs/a62e6edd6d5e1fa0329b8653c801147986f8d446";
--- a/packaging/components.nix
+++ b/packaging/components.nix
@ -54,12 +54,12 @@ let
    preConfigure =
      prevAttrs.preConfigure or ""
      +
-        # Update the repo-global .version file.
+      # Update the repo-global .version file.
-        # Symlink ./.version points there, but by default only workDir is writable.
+      # Symlink ./.version points there, but by default only workDir is writable.
-        ''
+      ''
-          chmod u+w ./.version
+        chmod u+w ./.version
-          echo ${finalAttrs.version} > ./.version
+        echo ${finalAttrs.version} > ./.version
-        '';
+      '';
  };
  localSourceLayer =
@ -148,7 +148,8 @@ let
    nativeBuildInputs = [
      meson
      ninja
-    ] ++ prevAttrs.nativeBuildInputs or [ ];
+    ]
    ++ prevAttrs.nativeBuildInputs or [ ];
    mesonCheckFlags = prevAttrs.mesonCheckFlags or [ ] ++ [
      "--print-errorlogs"
    ];
--- a/packaging/dev-shell.nix
+++ b/packaging/dev-shell.nix
@ -71,17 +71,16 @@ pkgs.nixComponents2.nix-util.overrideAttrs (
    # We use this shell with the local checkout, not unpackPhase.
    src = null;
-    env =
+    env = {
-      {
+      # For `make format`, to work without installing pre-commit
-        # For `make format`, to work without installing pre-commit
+      _NIX_PRE_COMMIT_HOOKS_CONFIG = "${(pkgs.formats.yaml { }).generate "pre-commit-config.yaml"
-        _NIX_PRE_COMMIT_HOOKS_CONFIG = "${(pkgs.formats.yaml { }).generate "pre-commit-config.yaml"
+        modular.pre-commit.settings.rawConfig
-          modular.pre-commit.settings.rawConfig
+      }";
-        }";
+    }
-      }
+    // lib.optionalAttrs stdenv.hostPlatform.isLinux {
-      // lib.optionalAttrs stdenv.hostPlatform.isLinux {
+      CC_LD = "mold";
-        CC_LD = "mold";
+      CXX_LD = "mold";
-        CXX_LD = "mold";
+    };
      };
    mesonFlags =
      map (transformFlag "libutil") (ignoreCrossFile pkgs.nixComponents2.nix-util.mesonFlags)
--- a/packaging/everything.nix
+++ b/packaging/everything.nix
@ -47,25 +47,25 @@
 }:
 let
-  libs =
+  libs = {
-    {
+    inherit
-      inherit
+      nix-util
-        nix-util
+      nix-util-c
-        nix-util-c
+      nix-store
-        nix-store
+      nix-store-c
-        nix-store-c
+      nix-fetchers
-        nix-fetchers
+      nix-fetchers-c
-        nix-fetchers-c
+      nix-expr
-        nix-expr
+      nix-expr-c
-        nix-expr-c
+      nix-flake
-        nix-flake
+      nix-flake-c
-        nix-flake-c
+      nix-main
-        nix-main
+      nix-main-c
-        nix-main-c
+      nix-cmd
-        nix-cmd
+      ;
-        ;
+  }
-    }
+  //
-    // lib.optionalAttrs
+    lib.optionalAttrs
      (!stdenv.hostPlatform.isStatic && stdenv.buildPlatform.canExecute stdenv.hostPlatform)
      {
        # Currently fails in static build
@ -127,20 +127,19 @@ stdenv.mkDerivation (finalAttrs: {
  */
  dontFixup = true;
-  checkInputs =
+  checkInputs = [
-    [
+    # Make sure the unit tests have passed
-      # Make sure the unit tests have passed
+    nix-util-tests.tests.run
-      nix-util-tests.tests.run
+    nix-store-tests.tests.run
-      nix-store-tests.tests.run
+    nix-expr-tests.tests.run
-      nix-expr-tests.tests.run
+    nix-fetchers-tests.tests.run
-      nix-fetchers-tests.tests.run
+    nix-flake-tests.tests.run
      nix-flake-tests.tests.run
-      # Make sure the functional tests have passed
+    # Make sure the functional tests have passed
-      nix-functional-tests
+    nix-functional-tests
-    ]
+  ]
-    ++ lib.optionals
+  ++
-      (!stdenv.hostPlatform.isStatic && stdenv.buildPlatform.canExecute stdenv.hostPlatform)
+    lib.optionals (!stdenv.hostPlatform.isStatic && stdenv.buildPlatform.canExecute stdenv.hostPlatform)
      [
        # Perl currently fails in static build
        # TODO: Split out tests into a separate derivation?
--- a/src/libcmd/package.nix
+++ b/src/libcmd/package.nix
@ -53,7 +53,8 @@ mkMesonLibrary (finalAttrs: {
  buildInputs = [
    ({ inherit editline readline; }.${readlineFlavor})
-  ] ++ lib.optional enableMarkdown lowdown;
+  ]
  ++ lib.optional enableMarkdown lowdown;
  propagatedBuildInputs = [
    nix-util
--- a/src/libexpr/package.nix
+++ b/src/libexpr/package.nix
@ -70,13 +70,15 @@ mkMesonLibrary (finalAttrs: {
    nix-util
    nix-store
    nix-fetchers
-  ] ++ finalAttrs.passthru.externalPropagatedBuildInputs;
+  ]
  ++ finalAttrs.passthru.externalPropagatedBuildInputs;
  # Hack for sake of the dev shell
  passthru.externalPropagatedBuildInputs = [
    boost
    nlohmann_json
-  ] ++ lib.optional enableGC boehmgc;
+  ]
  ++ lib.optional enableGC boehmgc;
  mesonFlags = [
    (lib.mesonEnable "gc" enableGC)
--- a/src/libstore/package.nix
+++ b/src/libstore/package.nix
@ -58,30 +58,28 @@ mkMesonLibrary (finalAttrs: {
  nativeBuildInputs = lib.optional embeddedSandboxShell unixtools.hexdump;
-  buildInputs =
+  buildInputs = [
-    [
+    boost
-      boost
+    curl
-      curl
+    sqlite
-      sqlite
+  ]
-    ]
+  ++ lib.optional stdenv.hostPlatform.isLinux libseccomp
-    ++ lib.optional stdenv.hostPlatform.isLinux libseccomp
+  # There have been issues building these dependencies
-    # There have been issues building these dependencies
+  ++ lib.optional stdenv.hostPlatform.isDarwin darwin.apple_sdk.libs.sandbox
-    ++ lib.optional stdenv.hostPlatform.isDarwin darwin.apple_sdk.libs.sandbox
+  ++ lib.optional withAWS aws-sdk-cpp;
    ++ lib.optional withAWS aws-sdk-cpp;
  propagatedBuildInputs = [
    nix-util
    nlohmann_json
  ];
-  mesonFlags =
+  mesonFlags = [
-    [
+    (lib.mesonEnable "seccomp-sandboxing" stdenv.hostPlatform.isLinux)
-      (lib.mesonEnable "seccomp-sandboxing" stdenv.hostPlatform.isLinux)
+    (lib.mesonBool "embedded-sandbox-shell" embeddedSandboxShell)
-      (lib.mesonBool "embedded-sandbox-shell" embeddedSandboxShell)
+  ]
-    ]
+  ++ lib.optionals stdenv.hostPlatform.isLinux [
-    ++ lib.optionals stdenv.hostPlatform.isLinux [
+    (lib.mesonOption "sandbox-shell" "${busybox-sandbox-shell}/bin/busybox")
-      (lib.mesonOption "sandbox-shell" "${busybox-sandbox-shell}/bin/busybox")
+  ];
    ];
  meta = {
    platforms = lib.platforms.unix ++ lib.platforms.windows;
--- a/src/libutil/package.nix
+++ b/src/libutil/package.nix
@ -50,7 +50,8 @@ mkMesonLibrary (finalAttrs: {
    libblake3
    libsodium
    openssl
-  ] ++ lib.optional stdenv.hostPlatform.isx86_64 libcpuid;
+  ]
  ++ lib.optional stdenv.hostPlatform.isx86_64 libcpuid;
  propagatedBuildInputs = [
    boost
--- a/src/perl/package.nix
+++ b/src/perl/package.nix
@ -45,7 +45,8 @@ perl.pkgs.toPerlModule (
    buildInputs = [
      nix-store
-    ] ++ finalAttrs.passthru.externalBuildInputs;
+    ]
    ++ finalAttrs.passthru.externalBuildInputs;
    # Hack for sake of the dev shell
    passthru.externalBuildInputs = [
--- a/tests/functional/lang/eval-okay-attrnames.nix
+++ b/tests/functional/lang/eval-okay-attrnames.nix
@ -2,16 +2,15 @@ with import ./lib.nix;
 let
-  attrs =
+  attrs = {
-    {
+    y = "y";
-      y = "y";
+    x = "x";
-      x = "x";
+    foo = "foo";
-      foo = "foo";
+  }
-    }
+  // rec {
-    // rec {
+    x = "newx";
-      x = "newx";
+    bar = x;
-      bar = x;
+  };
    };
  names = builtins.attrNames attrs;
--- a/tests/functional/lang/eval-okay-attrs.nix
+++ b/tests/functional/lang/eval-okay-attrs.nix
@ -1,15 +1,14 @@
 let {
-  as =
+  as = {
-    {
+    x = 123;
-      x = 123;
+    y = 456;
-      y = 456;
+  }
-    }
+  // {
-    // {
+    z = 789;
-      z = 789;
+  }
-    }
+  // {
-    // {
+    z = 987;
-      z = 987;
+  };
    };
  body =
    if as ? a then
--- a/tests/functional/lang/eval-okay-attrs2.nix
+++ b/tests/functional/lang/eval-okay-attrs2.nix
@ -1,15 +1,14 @@
 let {
-  as =
+  as = {
-    {
+    x = 123;
-      x = 123;
+    y = 456;
-      y = 456;
+  }
-    }
+  // {
-    // {
+    z = 789;
-      z = 789;
+  }
-    }
+  // {
-    // {
+    z = 987;
-      z = 987;
+  };
    };
  A = "a";
  Z = "z";
--- a/tests/functional/lang/eval-okay-import.nix
+++ b/tests/functional/lang/eval-okay-import.nix
@ -6,7 +6,8 @@ let
    scopedImport = attrs: fn: scopedImport (overrides // attrs) fn;
    builtins = builtins // overrides;
-  } // import ./lib.nix;
+  }
  // import ./lib.nix;
 in
 scopedImport overrides ./imported.nix
--- a/tests/functional/nested-sandboxing/runner.nix
+++ b/tests/functional/nested-sandboxing/runner.nix
@ -6,32 +6,31 @@ mkDerivation {
  name = "nested-sandboxing";
  busybox = builtins.getEnv "busybox";
  EXTRA_SANDBOX = builtins.getEnv "EXTRA_SANDBOX";
-  buildCommand =
+  buildCommand = ''
-    ''
+    set -x
-      set -x
+    set -eu -o pipefail
-      set -eu -o pipefail
+  ''
-    ''
+  + (
-    + (
+    if altitude == 0 then
-      if altitude == 0 then
+      ''
-        ''
+        echo Deep enough! > $out
-          echo Deep enough! > $out
+      ''
-        ''
+    else
-      else
+      ''
-        ''
+        cp -r ${../common} ./common
-          cp -r ${../common} ./common
+        cp ${../common.sh} ./common.sh
-          cp ${../common.sh} ./common.sh
+        cp ${../config.nix} ./config.nix
-          cp ${../config.nix} ./config.nix
+        cp -r ${./.} ./nested-sandboxing
          cp -r ${./.} ./nested-sandboxing
-          export PATH=${builtins.getEnv "NIX_BIN_DIR"}:$PATH
+        export PATH=${builtins.getEnv "NIX_BIN_DIR"}:$PATH
-          export _NIX_TEST_SOURCE_DIR=$PWD
+        export _NIX_TEST_SOURCE_DIR=$PWD
-          export _NIX_TEST_BUILD_DIR=$PWD
+        export _NIX_TEST_BUILD_DIR=$PWD
-          source common.sh
+        source common.sh
-          source ./nested-sandboxing/command.sh
+        source ./nested-sandboxing/command.sh
-          runNixBuild ${storeFun} ${toString altitude} >> $out
+        runNixBuild ${storeFun} ${toString altitude} >> $out
-        ''
+      ''
-    );
+  );
 }
--- a/tests/functional/package.nix
+++ b/tests/functional/package.nix
@ -47,26 +47,25 @@ mkMesonDerivation (
    ];
    # Hack for sake of the dev shell
-    passthru.externalNativeBuildInputs =
+    passthru.externalNativeBuildInputs = [
-      [
+      meson
-        meson
+      ninja
-        ninja
+      pkg-config
        pkg-config
-        jq
+      jq
-        git
+      git
-        mercurial
+      mercurial
-        unixtools.script
+      unixtools.script
-      ]
+    ]
-      ++ lib.optionals stdenv.hostPlatform.isLinux [
+    ++ lib.optionals stdenv.hostPlatform.isLinux [
-        # For various sandboxing tests that needs a statically-linked shell,
+      # For various sandboxing tests that needs a statically-linked shell,
-        # etc.
+      # etc.
-        busybox-sandbox-shell
+      busybox-sandbox-shell
-        # For Overlay FS tests need `mount`, `umount`, and `unshare`.
+      # For Overlay FS tests need `mount`, `umount`, and `unshare`.
-        # For `script` command (ensuring a TTY)
+      # For `script` command (ensuring a TTY)
-        # TODO use `unixtools` to be precise over which executables instead?
+      # TODO use `unixtools` to be precise over which executables instead?
-        util-linux
+      util-linux
-      ];
+    ];
    nativeBuildInputs = finalAttrs.passthru.externalNativeBuildInputs ++ [
      nix-cli
--- a/tests/nixos/default.nix
+++ b/tests/nixos/default.nix
@ -77,7 +77,15 @@ let
    { lib, pkgs, ... }:
    {
      imports = [ checkOverrideNixVersion ];
-      nix.package = lib.mkForce pkgs.nixVersions.nix_2_3;
+      nix.package = lib.mkForce (
        pkgs.nixVersions.nix_2_3.overrideAttrs (o: {
          meta = o.meta // {
            # This version shouldn't be used by end-users, but we run tests against
            # it to ensure we don't break protocol compatibility.
            knownVulnerabilities = [ ];
          };
        })
      );
    };
  otherNixes.nix_2_13.setNixPackage =
@ -88,6 +96,8 @@ let
        nixpkgs-23-11.legacyPackages.${pkgs.stdenv.hostPlatform.system}.nixVersions.nix_2_13.overrideAttrs
          (o: {
            meta = o.meta // {
              # This version shouldn't be used by end-users, but we run tests against
              # it to ensure we don't break protocol compatibility.
              knownVulnerabilities = [ ];
            };
          })