From d0c194efc102e4f49717624f4ffbab404d1c2d38 Mon Sep 17 00:00:00 2001 From: Sergei Zimmerman Date: Tue, 2 Dec 2025 01:14:02 +0300 Subject: [PATCH 01/16] maintainers/flake-module: Pin clang-format to 21 We don't want too much unnecessary formatting churn. --- maintainers/flake-module.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/maintainers/flake-module.nix b/maintainers/flake-module.nix index 414e6c570ab4..da529db0d07f 100644 --- a/maintainers/flake-module.nix +++ b/maintainers/flake-module.nix @@ -93,7 +93,7 @@ clang-format = { enable = true; # https://github.com/cachix/git-hooks.nix/pull/532 - package = pkgs.llvmPackages_latest.clang-tools; + package = pkgs.llvmPackages_21.clang-tools; excludes = [ # We don't want to format test data # ''tests/(?!nixos/).*\.nix'' From 50050b5ef1a26b4fe205ed8b2acef241e98ed2c5 Mon Sep 17 00:00:00 2001 From: Sergei Zimmerman Date: Tue, 2 Dec 2025 01:17:08 +0300 Subject: [PATCH 02/16] flake: Bump nixpkgs to 25.11 --- flake.lock | 10 +++++----- flake.nix | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index b2173f90b341..7332f38020d4 100644 --- a/flake.lock +++ b/flake.lock @@ -63,15 +63,15 @@ }, "nixpkgs": { "locked": { - "lastModified": 1763948260, - "narHash": "sha256-zZk7fn2ARAqmLwaYTpxBJmj81KIdz11NiWt7ydHHD/M=", - "rev": "1c8ba8d3f7634acac4a2094eef7c32ad9106532c", + "lastModified": 1769089682, + "narHash": "sha256-Xu+7iYcAuOvsI2wdkUcIEmkqEJbvvE6n7qR9QNjJyP4=", + "rev": "078d69f03934859a181e81ba987c2bb033eebfc5", "type": "tarball", - "url": "https://releases.nixos.org/nixos/25.05/nixos-25.05.813095.1c8ba8d3f763/nixexprs.tar.xz" + "url": "https://releases.nixos.org/nixos/25.11/nixos-25.11.4506.078d69f03934/nixexprs.tar.xz" }, "original": { "type": "tarball", - "url": "https://channels.nixos.org/nixos-25.05/nixexprs.tar.xz" + "url": "https://channels.nixos.org/nixos-25.11/nixexprs.tar.xz" } }, "nixpkgs-23-11": { diff --git a/flake.nix b/flake.nix index be93ece607e5..adcbe22d31ae 100644 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,7 @@ { description = "The purely functional package manager"; - inputs.nixpkgs.url = "https://channels.nixos.org/nixos-25.05/nixexprs.tar.xz"; + inputs.nixpkgs.url = "https://channels.nixos.org/nixos-25.11/nixexprs.tar.xz"; inputs.nixpkgs-regression.url = "github:NixOS/nixpkgs/215d4d0fd80ca5163643b03a33fde804a29cc1e2"; inputs.nixpkgs-23-11.url = "github:NixOS/nixpkgs/a62e6edd6d5e1fa0329b8653c801147986f8d446"; From d45004f5ecb61c89a2833fd866d8b481f9e5f601 Mon Sep 17 00:00:00 2001 From: Sergei Zimmerman Date: Tue, 2 Dec 2025 01:26:03 +0300 Subject: [PATCH 03/16] treewide: Apply formatter diffs Also disable some churny formatters on some specific files. --- maintainers/flake-module.nix | 9 ++++++++- nix-meson-build-support/common/asan-options/meson.build | 2 +- scripts/install-systemd-multi-user.sh | 1 + src/libexpr/include/nix/expr/value.hh | 4 ++-- tests/functional/local-overlay-store/common.sh | 1 + tests/functional/test-infra.sh | 6 +++--- tests/nixos/fetch-git/testsupport/setup.nix | 2 +- tests/nixos/remote-builds-ssh-ng.nix | 2 +- 8 files changed, 18 insertions(+), 9 deletions(-) diff --git a/maintainers/flake-module.nix b/maintainers/flake-module.nix index da529db0d07f..5de5a5c91ad7 100644 --- a/maintainers/flake-module.nix +++ b/maintainers/flake-module.nix @@ -88,6 +88,13 @@ ''^tests/functional/lang/eval-fail-path-slash\.nix$'' ''^tests/functional/lang/eval-fail-toJSON-non-utf-8\.nix$'' ''^tests/functional/lang/eval-fail-set\.nix$'' + + # Language tests, don't churn the formatting of strings + ''^tests/functional/lang/eval-fail-fromTOML-overflow\.nix$'' + ''^tests/functional/lang/eval-fail-fromTOML-underflow\.nix$'' + ''^tests/functional/lang/eval-fail-bad-string-interpolation-3\.nix$'' + ''^tests/functional/lang/eval-fail-bad-string-interpolation-4\.nix$'' + ''^tests/functional/lang/eval-okay-regex-match2\.nix$'' ]; }; clang-format = { @@ -97,7 +104,7 @@ excludes = [ # We don't want to format test data # ''tests/(?!nixos/).*\.nix'' - ''^src/[^/]*-tests/data/.*$'' + "^src/[^/]*-tests/data/.*$" # Don't format vendored code ''^doc/manual/redirects\.js$'' diff --git a/nix-meson-build-support/common/asan-options/meson.build b/nix-meson-build-support/common/asan-options/meson.build index 80527b5a9884..56e6a6a56a7f 100644 --- a/nix-meson-build-support/common/asan-options/meson.build +++ b/nix-meson-build-support/common/asan-options/meson.build @@ -1,7 +1,7 @@ # Clang gets grumpy about missing libasan symbols if -shared-libasan is not # passed when building shared libs, at least on Linux if cxx.get_id() == 'clang' and ('address' in get_option('b_sanitize') or 'undefined' in get_option( - 'b_sanitize', + 'b_sanitize', )) add_project_link_arguments('-shared-libasan', language : 'cpp') endif diff --git a/scripts/install-systemd-multi-user.sh b/scripts/install-systemd-multi-user.sh index 8abbb7af4ad2..a20a57b907c0 100755 --- a/scripts/install-systemd-multi-user.sh +++ b/scripts/install-systemd-multi-user.sh @@ -38,6 +38,7 @@ escape_systemd_env() { create_systemd_proxy_env() { vars="http_proxy https_proxy ftp_proxy all_proxy no_proxy HTTP_PROXY HTTPS_PROXY FTP_PROXY ALL_PROXY NO_PROXY" for v in $vars; do + # shellcheck disable=SC2268 if [ "x${!v:-}" != "x" ]; then echo "Environment=${v}=$(escape_systemd_env "${!v}")" fi diff --git a/src/libexpr/include/nix/expr/value.hh b/src/libexpr/include/nix/expr/value.hh index 6f533b73b206..479a4fddc133 100644 --- a/src/libexpr/include/nix/expr/value.hh +++ b/src/libexpr/include/nix/expr/value.hh @@ -533,8 +533,8 @@ inline constexpr bool useBitPackedValueStorage = (ptrSize == 8) && (__STDCPP_DEF * Packs discriminator bits into the pointer alignment niches. */ template -class alignas(16) ValueStorage>> - : public detail::ValueBase +class alignas(16) + ValueStorage>> : public detail::ValueBase { /* Needs a dependent type name in order for member functions (and * potentially ill-formed bit casts) to be SFINAE'd out. diff --git a/tests/functional/local-overlay-store/common.sh b/tests/functional/local-overlay-store/common.sh index 39ffa6e5a4f0..2c21eaa998db 100644 --- a/tests/functional/local-overlay-store/common.sh +++ b/tests/functional/local-overlay-store/common.sh @@ -70,6 +70,7 @@ mountOverlayfs () { "$storeBRoot/nix/store" \ || skipTest "overlayfs is not supported" + # shellcheck disable=SC2329 cleanupOverlay () { # shellcheck disable=2317 umount -n "$storeBRoot/nix/store" diff --git a/tests/functional/test-infra.sh b/tests/functional/test-infra.sh index 2da26b08ccd8..b702dfe5d29f 100755 --- a/tests/functional/test-infra.sh +++ b/tests/functional/test-infra.sh @@ -48,7 +48,7 @@ expectStderr 1 noisyFalse | grepQuiet NAY # `set -o pipefile` is enabled -# shellcheck disable=SC2317# shellcheck disable=SC2317 +# shellcheck disable=SC2329 pipefailure () { # shellcheck disable=SC2216 true | false | true @@ -56,7 +56,7 @@ pipefailure () { expect 1 pipefailure unset pipefailure -# shellcheck disable=SC2317 +# shellcheck disable=2329 pipefailure () { # shellcheck disable=SC2216 false | true | true @@ -84,7 +84,7 @@ expect 1 useUnbound # ! alone unfortunately negates `set -e`, but it works in functions: # shellcheck disable=SC2251 ! true -# shellcheck disable=SC2317 +# shellcheck disable=SC2329 funBang () { ! true } diff --git a/tests/nixos/fetch-git/testsupport/setup.nix b/tests/nixos/fetch-git/testsupport/setup.nix index c13386c72230..1fbf5ff7448f 100644 --- a/tests/nixos/fetch-git/testsupport/setup.nix +++ b/tests/nixos/fetch-git/testsupport/setup.nix @@ -86,7 +86,7 @@ in "flakes" ]; }; - setupScript = ''''; + setupScript = ""; testScript = '' start_all(); diff --git a/tests/nixos/remote-builds-ssh-ng.nix b/tests/nixos/remote-builds-ssh-ng.nix index c298ab92d46d..d23183f351c7 100644 --- a/tests/nixos/remote-builds-ssh-ng.nix +++ b/tests/nixos/remote-builds-ssh-ng.nix @@ -20,7 +20,7 @@ let builder = "''${utils}/bin/sh"; args = [ "-c" "${ lib.concatStringsSep "; " [ - ''if [[ -n $NIX_LOG_FD ]]'' + "if [[ -n $NIX_LOG_FD ]]" ''then echo '@nix {\"action\":\"setPhase\",\"phase\":\"buildPhase\"}' >&''$NIX_LOG_FD'' "fi" "echo Hello" From 0dd38bc8b680e59abbc1bdb19928d811574f91fb Mon Sep 17 00:00:00 2001 From: Sergei Zimmerman Date: Fri, 23 Jan 2026 00:02:33 +0300 Subject: [PATCH 04/16] packaging/dependencies: Override fixes - nghttp3 is not supported on mingw - onetbb doesn't build on mingw - lowdown override is no longer needed, same for toml11 --- packaging/dependencies.nix | 32 ++++++-------------------------- 1 file changed, 6 insertions(+), 26 deletions(-) diff --git a/packaging/dependencies.nix b/packaging/dependencies.nix index 812750f654ce..c08b23a1e18d 100644 --- a/packaging/dependencies.nix +++ b/packaging/dependencies.nix @@ -30,33 +30,13 @@ scope: { NIX_CFLAGS_COMPILE = "-DINITIAL_MARK_STACK_SIZE=1048576"; }); - lowdown = pkgs.lowdown.overrideAttrs (prevAttrs: rec { - version = "2.0.2"; - src = pkgs.fetchurl { - url = "https://kristaps.bsd.lv/lowdown/snapshots/lowdown-${version}.tar.gz"; - hash = "sha512-cfzhuF4EnGmLJf5EGSIbWqJItY3npbRSALm+GarZ7SMU7Hr1xw0gtBFMpOdi5PBar4TgtvbnG4oRPh+COINGlA=="; - }; - nativeBuildInputs = prevAttrs.nativeBuildInputs ++ [ pkgs.buildPackages.bmake ]; - postInstall = - lib.replaceStrings [ "lowdown.so.1" "lowdown.1.dylib" ] [ "lowdown.so.2" "lowdown.2.dylib" ] - (prevAttrs.postInstall or ""); - patches = [ ]; - }); + curl = pkgs.curl.override { + http3Support = !pkgs.stdenv.hostPlatform.isWindows; + }; - # TODO: Remove this when https://github.com/NixOS/nixpkgs/pull/442682 is included in a stable release - toml11 = - if lib.versionAtLeast pkgs.toml11.version "4.4.0" then - pkgs.toml11 - else - pkgs.toml11.overrideAttrs rec { - version = "4.4.0"; - src = pkgs.fetchFromGitHub { - owner = "ToruNiina"; - repo = "toml11"; - tag = "v${version}"; - hash = "sha256-sgWKYxNT22nw376ttGsTdg0AMzOwp8QH3E8mx0BZJTQ="; - }; - }; + libblake3 = pkgs.libblake3.override { + useTBB = !(stdenv.hostPlatform.isWindows || stdenv.hostPlatform.isStatic); + }; # TODO Hack until https://github.com/NixOS/nixpkgs/issues/45462 is fixed. boost = From 8928cb4fb8103ba033f6fb288e67ba5ea808e3de Mon Sep 17 00:00:00 2001 From: Taeer Bar-Yam Date: Tue, 2 Dec 2025 15:19:24 +0100 Subject: [PATCH 05/16] separateDebugInfo implies __structuredAttrs --- packaging/components.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/packaging/components.nix b/packaging/components.nix index 6757323c428e..6c4e462eaa6a 100644 --- a/packaging/components.nix +++ b/packaging/components.nix @@ -160,6 +160,9 @@ let pkg-config ]; separateDebugInfo = !stdenv.hostPlatform.isStatic; + # needed by separateDebugInfo + # SEE: https://github.com/NixOS/nixpkgs/pull/394674/commits/a4d355342976e9e9823fb94f133bc43ebec9da5b + __structuredAttrs = finalAttrs.separateDebugInfo; hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie"; }; From d5544919e4dc13af99e9d82bc00f8efbbb02a8f1 Mon Sep 17 00:00:00 2001 From: Taeer Bar-Yam Date: Tue, 2 Dec 2025 21:20:06 +0100 Subject: [PATCH 06/16] tests: minio: mc config host add -> mc alias set `mc config host add` has been removed SEE: https://github.com/minio/mc/issues/5206 --- tests/nixos/s3-binary-cache-store.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/nixos/s3-binary-cache-store.nix b/tests/nixos/s3-binary-cache-store.nix index 5804057487dc..ae3cb82a4c3e 100644 --- a/tests/nixos/s3-binary-cache-store.nix +++ b/tests/nixos/s3-binary-cache-store.nix @@ -873,7 +873,7 @@ in server.wait_for_unit("minio") server.wait_for_unit("network-addresses-eth1.service") server.wait_for_open_port(9000) - server.succeed(f"mc config host add minio http://localhost:9000 {ACCESS_KEY} {SECRET_KEY} --api s3v4") + server.succeed(f"mc alias set minio http://localhost:9000 {ACCESS_KEY} {SECRET_KEY} --api s3v4") # Run tests (each gets isolated bucket via decorator) test_credential_caching() From db576d599c39419a7c53dcf4a89de3bb82ba1b27 Mon Sep 17 00:00:00 2001 From: Taeer Bar-Yam Date: Mon, 8 Dec 2025 20:00:29 +0100 Subject: [PATCH 07/16] fix infinite recursion --- packaging/components.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packaging/components.nix b/packaging/components.nix index 6c4e462eaa6a..7da35e020362 100644 --- a/packaging/components.nix +++ b/packaging/components.nix @@ -155,14 +155,14 @@ let ]; }; - mesonBuildLayer = finalAttrs: prevAttrs: { + mesonBuildLayer = finalAttrs: prevAttrs: rec { nativeBuildInputs = prevAttrs.nativeBuildInputs or [ ] ++ [ pkg-config ]; separateDebugInfo = !stdenv.hostPlatform.isStatic; # needed by separateDebugInfo # SEE: https://github.com/NixOS/nixpkgs/pull/394674/commits/a4d355342976e9e9823fb94f133bc43ebec9da5b - __structuredAttrs = finalAttrs.separateDebugInfo; + __structuredAttrs = separateDebugInfo; hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie"; }; From 7985873f73efb98786e30467017722775854894c Mon Sep 17 00:00:00 2001 From: Taeer Bar-Yam Date: Sun, 14 Dec 2025 01:54:59 +0100 Subject: [PATCH 08/16] inputDerivation is fixed upstream fixed in nixpkgs PR #469652 --- tests/nixos/functional/common.nix | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/tests/nixos/functional/common.nix b/tests/nixos/functional/common.nix index 4d32b7573245..57f0bbc6a1c5 100644 --- a/tests/nixos/functional/common.nix +++ b/tests/nixos/functional/common.nix @@ -1,14 +1,5 @@ { lib, nixComponents, ... }: -let - # FIXME (roberth) reference issue - inputDerivation = - pkg: - (pkg.overrideAttrs (o: { - disallowedReferences = [ ]; - })).inputDerivation; - -in { # We rarely change the script in a way that benefits from type checking, so # we skip it to save time. @@ -20,7 +11,7 @@ in virtualisation.writableStore = true; system.extraDependencies = [ - (inputDerivation config.nix.package) + config.nix.package.inputDerivation ]; nix.settings.substituters = lib.mkForce [ ]; From dad793fcfdd2c0d7a131b47582a7a3a843f7088c Mon Sep 17 00:00:00 2001 From: Taeer Bar-Yam Date: Sun, 14 Dec 2025 03:33:11 +0100 Subject: [PATCH 09/16] fix perl dependencies error --- src/perl/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/perl/package.nix b/src/perl/package.nix index 864558ec855e..e25b2996c83c 100644 --- a/src/perl/package.nix +++ b/src/perl/package.nix @@ -47,6 +47,8 @@ perl.pkgs.toPerlModule ( nix-store bzip2 libsodium + perlPackages.DBI + perlPackages.DBDSQLite ]; # `perlPackages.Test2Harness` is marked broken for Darwin @@ -64,8 +66,6 @@ perl.pkgs.toPerlModule ( ''; mesonFlags = [ - (lib.mesonOption "dbi_path" "${perlPackages.DBI}/${perl.libPrefix}") - (lib.mesonOption "dbd_sqlite_path" "${perlPackages.DBDSQLite}/${perl.libPrefix}") (lib.mesonEnable "tests" finalAttrs.finalPackage.doCheck) ]; From e72a8bebb852af341f52c24882611178106ddf7c Mon Sep 17 00:00:00 2001 From: Taeer Bar-Yam Date: Mon, 15 Dec 2025 00:58:21 +0100 Subject: [PATCH 10/16] update .gitignore new version of meson creates some state file --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 4782bfbafd27..7f79bff759b1 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,7 @@ # Default meson build dir /build +# Meson creates this file too +src/.wraplock # /tests/functional/ /tests/functional/common/subst-vars.sh From fb6274b3128f101e4119981feddd3a7cbf8c7931 Mon Sep 17 00:00:00 2001 From: Taeer Bar-Yam Date: Wed, 31 Dec 2025 22:25:58 +0100 Subject: [PATCH 11/16] fix nix-serve with hacky workaround --- tests/nixos/fetchers-substitute.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/tests/nixos/fetchers-substitute.nix b/tests/nixos/fetchers-substitute.nix index bfe15c5c36e7..7abadd43af64 100644 --- a/tests/nixos/fetchers-substitute.nix +++ b/tests/nixos/fetchers-substitute.nix @@ -1,9 +1,26 @@ +{ nixComponents, ... }: { name = "fetchers-substitute"; nodes.substituter = { pkgs, ... }: { + # nix-serve is broken while cross-compiling in nixpkgs 25.11. It's been + # fixed since, but while we're pinning 25.11 we use this workaround. + nixpkgs.overlays = [ + (final: prev: { + nix-serve = + final.lib.warnIf (final.lib.versions.majorMinor final.lib.version != "25.11") + "remove the hack in fetchers-substitute.nix when updating nixpkgs from 25.11" + ( + prev.nix-serve.override { + nix = prev.nix // { + libs.nix-perl-bindings = nixComponents.nix-perl-bindings; + }; + } + ); + }) + ]; virtualisation.writableStore = true; nix.settings.extra-experimental-features = [ From f43566f4d79613200a26593e9a50bb7d491a3d88 Mon Sep 17 00:00:00 2001 From: Sergei Zimmerman Date: Fri, 23 Jan 2026 00:17:45 +0300 Subject: [PATCH 12/16] packaging/components: Drop hardeningDisable This is no longer necessary and produces an eval warning: > evaluation warning: The 'pie' hardening flag has been removed in favor of enabling PIE by default in compilers and should no longer be used. This was first introduced in 2200f315daff989a974ed4fac445f90a06d55e81, but is no longer necessary since the switch to meson. --- packaging/components.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/packaging/components.nix b/packaging/components.nix index 7da35e020362..dcbe8f93101b 100644 --- a/packaging/components.nix +++ b/packaging/components.nix @@ -163,7 +163,6 @@ let # needed by separateDebugInfo # SEE: https://github.com/NixOS/nixpkgs/pull/394674/commits/a4d355342976e9e9823fb94f133bc43ebec9da5b __structuredAttrs = separateDebugInfo; - hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie"; }; mesonLibraryLayer = finalAttrs: prevAttrs: { From 3cb27988fb56ac90da4edf9550a65a24f593c9fc Mon Sep 17 00:00:00 2001 From: Taeer Bar-Yam Date: Mon, 15 Dec 2025 16:31:55 +0100 Subject: [PATCH 13/16] update error message of new daemon --- tests/functional/build.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/functional/build.sh b/tests/functional/build.sh index dbc72d991352..702783678b2d 100755 --- a/tests/functional/build.sh +++ b/tests/functional/build.sh @@ -191,7 +191,10 @@ test "$status" = 1 # Precise number of errors depends on daemon version / goal refactorings (( "$(<<<"$out" grep -cE '^error:')" >= 2 )) -if isDaemonNewer "2.29pre"; then +if isDaemonNewer "2.31"; then + <<<"$out" grepQuiet -E "error: Cannot build '.*-x4\\.drv'" + <<<"$out" grepQuiet -E "Reason: 1 dependency failed." +elif isDaemonNewer "2.29pre"; then <<<"$out" grepQuiet -E "error: Cannot build '.*-x4\\.drv'" <<<"$out" grepQuiet -E "Reason: 1 dependency failed." <<<"$out" grepQuiet -E "Build failed due to failed dependency" From c1ab73f9213799a825319b5e754611270aae8d71 Mon Sep 17 00:00:00 2001 From: Taeer Bar-Yam Date: Mon, 15 Dec 2025 01:07:28 +0100 Subject: [PATCH 14/16] tests: Update version requirements on tests --- tests/functional/ca/issue-13247.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/functional/ca/issue-13247.sh b/tests/functional/ca/issue-13247.sh index 70591951329b..29bc2f912014 100755 --- a/tests/functional/ca/issue-13247.sh +++ b/tests/functional/ca/issue-13247.sh @@ -42,7 +42,7 @@ buildViaSubstitute () { nix build -f issue-13247.nix "$1" --no-link --max-jobs 0 --substituters "$cache" --no-require-sigs --offline --substitute } -# Substitue just the first output +# Substitute just the first output buildViaSubstitute use-a-more-outputs^first # Should only fetch the output we asked for @@ -52,10 +52,10 @@ buildViaSubstitute use-a-more-outputs^first delete -# Failure with 2.28 encountered in CI -requireDaemonNewerThan "2.29" +# Failure with 2.33 encountered in CI +requireDaemonNewerThan "2.34pre" -# Substitue just the first output +# Substitute just the first output # # This derivation is the same after normalization, so we should get # early cut-off, and thus a chance to download just the output we want From d69001600b4729411eb1999b8f0c9f6482045d91 Mon Sep 17 00:00:00 2001 From: Sergei Zimmerman Date: Sun, 25 Jan 2026 22:24:30 +0300 Subject: [PATCH 15/16] tests/nixos/functional/unpriviledged-daemon: Use nixStoreMountOpts instead of readOnlyNixStore This option is not available in 25.11: > Please use the `boot.nixStoreMountOpts' option to define mount options for the Nix store, including 'ro' --- tests/nixos/functional/unprivileged-daemon.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/nixos/functional/unprivileged-daemon.nix b/tests/nixos/functional/unprivileged-daemon.nix index c0dfdf0c4e50..d9f969afa247 100644 --- a/tests/nixos/functional/unprivileged-daemon.nix +++ b/tests/nixos/functional/unprivileged-daemon.nix @@ -21,7 +21,11 @@ nix.enable = false; # Unprivileged nix daemon cannot remount store read/write, so never make it read-only in the first place. - boot.readOnlyNixStore = false; + boot.nixStoreMountOpts = lib.mkForce [ + "nodev" + "nosuid" + "rw" + ]; environment.systemPackages = [ config.nix.package ]; # nix normally defaults to local if running as root, we want root to use the daemon as well. From 00f67ee5d5c6513607c5fb5f9e9ef5580235767f Mon Sep 17 00:00:00 2001 From: Sergei Zimmerman Date: Sun, 25 Jan 2026 23:56:44 +0300 Subject: [PATCH 16/16] tests/functional: Require newer daemon version for empty error message bugfix --- tests/functional/dyn-drv/failing-outer.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/functional/dyn-drv/failing-outer.sh b/tests/functional/dyn-drv/failing-outer.sh index dcf3e830ed54..709f79619ea2 100644 --- a/tests/functional/dyn-drv/failing-outer.sh +++ b/tests/functional/dyn-drv/failing-outer.sh @@ -41,5 +41,8 @@ out=$(nix build --impure --no-link --expr ' builtins.outputOf failingProducer.outPath "out" ' 2>&1) || true +# Store layer needs bugfix +requireDaemonNewerThan "2.34pre" + # The error message must NOT be empty - it should mention the failed derivation echo "$out" | grepQuiet "failed to obtain derivation of"