From 8825cd56b5ed294091b6ed4abe94d44df2fe7f5d Mon Sep 17 00:00:00 2001
From: gustavderdrache <alex.ford@determinate.systems>
Date: Tue, 20 May 2025 13:46:19 -0400
Subject: [PATCH 1/3] Log warnings on IFD with new option

---
 src/libexpr/include/nix/expr/eval-settings.hh | 10 ++++++++++
 src/libexpr/primops.cc                        | 18 +++++++++++++-----
 2 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/src/libexpr/include/nix/expr/eval-settings.hh b/src/libexpr/include/nix/expr/eval-settings.hh
index 6e5bbca20..3ad2e9d2d 100644
--- a/src/libexpr/include/nix/expr/eval-settings.hh
+++ b/src/libexpr/include/nix/expr/eval-settings.hh
@@ -151,6 +151,16 @@ struct EvalSettings : Config
         )"
         };
 
+    Setting<bool> traceImportFromDerivation{
+        this, false, "trace-import-from-derivation",
+        R"(
+          By default, Nix allows [Import from Derivation](@docroot@/language/import-from-derivation.md).
+
+          When this setting is `true`, Nix will log a warning indicating that it performed such an import.
+          The `allow-import-from-derivation` setting takes precedence, and no warnings will be logged if that setting is also enabled.
+        )"
+        };
+
     Setting<bool> enableImportFromDerivation{
         this, true, "allow-import-from-derivation",
         R"(
diff --git a/src/libexpr/primops.cc b/src/libexpr/primops.cc
index 44f7833e0..586952386 100644
--- a/src/libexpr/primops.cc
+++ b/src/libexpr/primops.cc
@@ -97,11 +97,19 @@ StringMap EvalState::realiseContext(const NixStringContext & context, StorePathS
 
     if (drvs.empty()) return {};
 
-    if (isIFD && !settings.enableImportFromDerivation)
-        error<IFDError>(
-            "cannot build '%1%' during evaluation because the option 'allow-import-from-derivation' is disabled",
-            drvs.begin()->to_string(*store)
-        ).debugThrow();
+    if (isIFD) {
+        if (!settings.enableImportFromDerivation)
+            error<IFDError>(
+                "cannot build '%1%' during evaluation because the option 'allow-import-from-derivation' is disabled",
+                drvs.begin()->to_string(*store)
+            ).debugThrow();
+
+        if (settings.traceImportFromDerivation)
+            warn(
+                "built '%1%' during evaluation due to an import from derivation",
+                drvs.begin()->to_string(*store)
+            );
+    }
 
     /* Build/substitute the context. */
     std::vector<DerivedPath> buildReqs;

From 4355b7cbd5664364433abc64607b784fbe8c7979 Mon Sep 17 00:00:00 2001
From: gustavderdrache <alex.ford@determinate.systems>
Date: Wed, 21 May 2025 11:11:09 -0400
Subject: [PATCH 2/3] Add test for output warning to ensure stability

---
 tests/functional/flakes/meson.build  |  1 +
 tests/functional/flakes/trace-ifd.sh | 33 ++++++++++++++++++++++++++++
 2 files changed, 34 insertions(+)
 create mode 100644 tests/functional/flakes/trace-ifd.sh

diff --git a/tests/functional/flakes/meson.build b/tests/functional/flakes/meson.build
index 213c388a6..801fefc6f 100644
--- a/tests/functional/flakes/meson.build
+++ b/tests/functional/flakes/meson.build
@@ -33,6 +33,7 @@ suites += {
     'debugger.sh',
     'source-paths.sh',
     'old-lockfiles.sh',
+    'trace-ifd.sh',
   ],
   'workdir': meson.current_source_dir(),
 }
diff --git a/tests/functional/flakes/trace-ifd.sh b/tests/functional/flakes/trace-ifd.sh
new file mode 100644
index 000000000..f5c54f651
--- /dev/null
+++ b/tests/functional/flakes/trace-ifd.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+source ./common.sh
+
+requireGit
+
+flake1Dir="$TEST_ROOT/flake"
+
+createGitRepo "$flake1Dir"
+createSimpleGitFlake "$flake1Dir"
+
+cat > "$flake1Dir/flake.nix" <<'EOF'
+{
+  outputs = { self }: let inherit (import ./config.nix) mkDerivation; in {
+    drv = mkDerivation {
+      name = "drv";
+      buildCommand = ''
+        echo drv >$out
+      '';
+    };
+
+    ifd = mkDerivation {
+      name = "ifd";
+      buildCommand = ''
+        echo ${builtins.readFile self.drv} >$out
+      '';
+    };
+  };
+}
+EOF
+
+nix build "$flake1Dir#ifd" --option trace-import-from-derivation true 2>&1 \
+  | grepQuiet 'warning: built .* during evaluation due to an import from derivation'

From 0b66fd3c34f7a5f07629b7c4bc68d8bae9f0ad06 Mon Sep 17 00:00:00 2001
From: gustavderdrache <gustavderdrache@gmail.com>
Date: Thu, 22 May 2025 15:28:02 -0400
Subject: [PATCH 3/3] Update src/libexpr/include/nix/expr/eval-settings.hh

Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
---
 src/libexpr/include/nix/expr/eval-settings.hh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libexpr/include/nix/expr/eval-settings.hh b/src/libexpr/include/nix/expr/eval-settings.hh
index 3ad2e9d2d..6a58377e1 100644
--- a/src/libexpr/include/nix/expr/eval-settings.hh
+++ b/src/libexpr/include/nix/expr/eval-settings.hh
@@ -157,7 +157,7 @@ struct EvalSettings : Config
           By default, Nix allows [Import from Derivation](@docroot@/language/import-from-derivation.md).
 
           When this setting is `true`, Nix will log a warning indicating that it performed such an import.
-          The `allow-import-from-derivation` setting takes precedence, and no warnings will be logged if that setting is also enabled.
+          This option has no effect if `allow-import-from-derivation` is disabled.
         )"
         };