Skip to content

fix inputDerivation in case of __structuredAttrs #469652

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Ericson2314 merged 3 commits into from
Dec 13, 2025
Merged

fix inputDerivation in case of __structuredAttrs #469652

Ericson2314 merged 3 commits into from
Dec 13, 2025

Conversation

@Radvendii
Copy link
Contributor

@Radvendii Radvendii commented Dec 10, 2025
edited
Loading

package.inputDerivation is broken when package sets __structuredAttrs = true;. You can test this with

$ nix-build --expr 'with import <nixpkgs> {}; (pkgs.hello.overrideAttrs { __structuredAttrs = true; }).inputDerivation'
this derivation will be built:
  /nix/store/5cg7cp1ym7zs9lzxvnqryj2s058m5gld-hello-2.12.1.drv
these 2 paths will be fetched (0.99 MiB download, 0.99 MiB unpacked):
  /nix/store/pa10z4ngm0g83kx9mssrqzz30s84vq7k-hello-2.12.1.tar.gz
  /nix/store/b8w73v17699k1zdnd31lvzzcp5f0rmni-version-check-hook
copying path '/nix/store/pa10z4ngm0g83kx9mssrqzz30s84vq7k-hello-2.12.1.tar.gz' from 'https://cache.nixos.org'...
copying path '/nix/store/b8w73v17699k1zdnd31lvzzcp5f0rmni-version-check-hook' from 'https://cache.nixos.org'...
building '/nix/store/5cg7cp1ym7zs9lzxvnqryj2s058m5gld-hello-2.12.1.drv'...
error: output '/nix/store/30kpdjhl0iy97z3lama80q93b6jgxh5y-hello-2.12.1' is not allowed to refer to the following paths:
         /nix/store/30kpdjhl0iy97z3lama80q93b6jgxh5y-hello-2.12.1
         /nix/store/b8w73v17699k1zdnd31lvzzcp5f0rmni-version-check-hook
         /nix/store/l9k32vj2aczxw62134j1x0dsh569jz2l-bash-5.2p37
         /nix/store/lfwfj17y9fpjb73nsj2m35rmkh587a0x-stdenv-linux
         /nix/store/pa10z4ngm0g83kx9mssrqzz30s84vq7k-hello-2.12.1.tar.gz
         /nix/store/shkw4qm9qcw5sc5n1k5jznc83ny02r39-default-builder.sh
         /nix/store/vj1c3wf9c11a0qs6p3ymfvrnsdgsdcbq-source-stdenv.sh

There is an attempt to account for this in the implementation of inputDerivation, but it's broken. The issue is that it assumes setting allowedRefrences and allowedRequisites to null will be like not setting them at all, which is false.

It does seem to work as top-level attributes (though I'm honestly not sure why this works, and I couldn't get it to work in my own derivations1), but in outputChecks.out.allowedReferences, it definitely doesn't work.

In any case, Rather than setting allowedReferences, disallowedReferences, allowedRequisites and disallowedRequisites to values that we hope mimic the default behaviour, we can remove those attributes to get the default behaviour.

Related issues:

Things done

  • Built on platform:
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • Tested, as applicable:
  • Ran nixpkgs-review on this PR. See nixpkgs-review usage.
  • Tested basic functionality of all binary files, usually in ./result/bin/.
  • Nixpkgs Release Notes
    • Package update: when the change is major or breaking.
  • NixOS Release Notes
    • Module addition: when adding a new NixOS module.
    • Module update: when the change is significant.
  • Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

Add a 👍 reaction to pull requests you find important.

Footnotes

  1. It works currently because __ignoreNulls = true; is added. However, this only seems to work for top-level attributes, not outputChecks.out.foo. I still think getting rid of the attributes entirely is the right way forward.

@nixpkgs-ci nixpkgs-ci bot added 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 6.topic: stdenv Standard environment labels Dec 10, 2025
@Radvendii
Copy link
Contributor Author

Radvendii commented Dec 10, 2025
edited
Loading

It would also be nice if this could get back-ported to 25.11.

Since 25.11, separateDebugInfo = true; and setting {dis,}allowed{References,Requisites} requires __structuredAttrs = true;.

Which makes this bug much more likely to happen. (or at least, that's why we ran into it in nix)

@wolfgangwalther
Copy link
Contributor

wolfgangwalther commented Dec 10, 2025

Dupliate of #463882 ?

@Radvendii
Copy link
Contributor Author

Radvendii commented Dec 10, 2025

Ah good call. I prefer my solution, but I would take the rename and test from the other.

@infinisil What do you think?

Ericson2314
Ericson2314 reviewed Dec 10, 2025
View reviewed changes
@Ericson2314
Copy link
Member

Ericson2314 commented Dec 10, 2025

Let's get the tests from that other PR (and add more of them), too.

@wolfgangwalther wolfgangwalther removed their request for review December 10, 2025 19:35
@Radvendii Radvendii force-pushed the fix-allowedreferences branch 3 times, most recently from 35d1721 to b52e0f0 Compare December 11, 2025 01:09
@nixpkgs-ci nixpkgs-ci bot added 10.rebuild-linux: 11-100 This PR causes between 11 and 100 packages to rebuild on Linux. 10.rebuild-darwin: 11-100 This PR causes between 11 and 100 packages to rebuild on Darwin. and removed 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. labels Dec 11, 2025
@Radvendii
Copy link
Contributor Author

Radvendii commented Dec 11, 2025
edited
Loading

@Ericson2314 This time I intentionally reintroduced the typo temporarily to make sure the tests I added would catch it.

@Radvendii Radvendii force-pushed the fix-allowedreferences branch from 27c269f to ddec463 Compare December 11, 2025 16:29
@Radvendii
Copy link
Contributor Author

Radvendii commented Dec 12, 2025

Is it normal for CI to be stuck in queue for a whole day? I don't mind necessarily, I just want to make sure there's nothing I should be doing to push this forward.

@Radvendii
stdenv: fix inputDerivation in case of __structuredAttrs
04c3ba5 
Setting allowedReferences to null seems to only work as a fluke. It
doesn't work with outputChecks, and I couldn't get it to work at all
when declaring my own derivation manually (I'm honestly still unsure why
it works at all as-is in inputDerivation)

In any case, Rather than setting allowedReferences etc to values that
mimic the default behaviour, we can remove those attributes to get the
default behaviour.
@Radvendii
stdenv: add tests for inputDerivation with allowedReferences, etc.
97c3645 
Co-authored-by: infinisil <[email protected]>

!fixup every test needs a meta field?

!fixup refactor inputDerivation tests

!fixup fix tests
@Radvendii Radvendii force-pushed the fix-allowedreferences branch from ddec463 to 97c3645 Compare December 12, 2025 19:23
@Radvendii
Copy link
Contributor Author

Radvendii commented Dec 12, 2025

Okay, I tested this locally using nix-build -A tests.stdenv, and there were indeed problems with the tests. So I fixed those problems, and tested again. These tests catch it if we misspell or remove one of the outputCheckAttrs.

And they pass with this PR as it currently is.

@Ericson2314 Ericson2314 added this pull request to the merge queue Dec 13, 2025
Merged via the queue into NixOS:master with commit e3a74fd Dec 13, 2025
27 of 30 checks passed
@github-project-automation github-project-automation bot moved this to Done in Stdenv Dec 13, 2025
@infinisil
Copy link
Member

infinisil commented Dec 13, 2025

@infinisil What do you think?

I don't mind as long as it works, thanks for the additional tests, I'll close mine!

@infinisil infinisil mentioned this pull request Dec 13, 2025
Closed
13 tasks
@Ericson2314 Ericson2314 added the backport release-25.11 Backport PR automatically label Dec 13, 2025
@nixpkgs-ci
Copy link
Contributor

nixpkgs-ci bot commented Dec 13, 2025

Successfully created backport PR for release-25.11:

@nixpkgs-ci nixpkgs-ci bot mentioned this pull request Dec 13, 2025
Merged
@github-actions github-actions bot added the 8.has: port to stable This PR already has a backport to the stable release. label Dec 13, 2025
@Radvendii Radvendii deleted the fix-allowedreferences branch December 22, 2025 15:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Ericson2314 Ericson2314 Ericson2314 approved these changes

@Artturin Artturin Awaiting requested review from Artturin

@emilazy emilazy Awaiting requested review from emilazy

@philiptaron philiptaron Awaiting requested review from philiptaron

@reckenrode reckenrode Awaiting requested review from reckenrode

@RossComputerGuy RossComputerGuy Awaiting requested review from RossComputerGuy

@ShamrockLee ShamrockLee Awaiting requested review from ShamrockLee

Assignees

No one assigned

Labels

6.topic: stdenv Standard environment 8.has: port to stable This PR already has a backport to the stable release. 10.rebuild-darwin: 11-100 This PR causes between 11 and 100 packages to rebuild on Darwin. 10.rebuild-linux: 11-100 This PR causes between 11 and 100 packages to rebuild on Linux. backport release-25.11 Backport PR automatically

Projects

Stdenv
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Radvendii @wolfgangwalther @Ericson2314 @infinisil