From 23644a2b513edad86535d1dc983be2835cbcf99d Mon Sep 17 00:00:00 2001
From: Taeer Bar-Yam <taeer@bar-yam.me>
Date: Thu, 11 Dec 2025 00:27:02 +0100
Subject: [PATCH 1/3] stdenv: make inputDerivation name distinct from original

Co-authored-by: infinisil <github@infinisil.com>
---
 pkgs/stdenv/generic/make-derivation.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix
index 8ae991cb53661..7457efabfea66 100644
--- a/pkgs/stdenv/generic/make-derivation.nix
+++ b/pkgs/stdenv/generic/make-derivation.nix
@@ -879,7 +879,7 @@ let
           deleteFixedOutputRelatedAttrs derivationArg
           // {
             # Add a name in case the original drv didn't have one
-            name = derivationArg.name or "inputDerivation";
+            name = "inputDerivation" + lib.optionalString (derivationArg ? name) "-${derivationArg.name}";
             # This always only has one output
             outputs = [ "out" ];
 

From 04c3ba5606c31d587c389d5a8dd6a2f1dd560f6d Mon Sep 17 00:00:00 2001
From: Taeer Bar-Yam <taeer@bar-yam.me>
Date: Wed, 10 Dec 2025 17:53:24 +0100
Subject: [PATCH 2/3] stdenv: fix inputDerivation in case of __structuredAttrs

Setting allowedReferences to null seems to only work as a fluke. It
doesn't work with outputChecks, and I couldn't get it to work at all
when declaring my own derivation manually (I'm honestly still unsure why
it works at all as-is in inputDerivation)

In any case, Rather than setting allowedReferences etc to values that
mimic the default behaviour, we can remove those attributes to get the
default behaviour.
---
 pkgs/stdenv/generic/make-derivation.nix | 34 ++++++++++---------------
 1 file changed, 13 insertions(+), 21 deletions(-)

diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix
index 7457efabfea66..62aa85f9b7aab 100644
--- a/pkgs/stdenv/generic/make-derivation.nix
+++ b/pkgs/stdenv/generic/make-derivation.nix
@@ -860,12 +860,23 @@ let
       # for a fixed-output derivation, the corresponding inputDerivation should
       # *not* be fixed-output. To achieve this we simply delete the attributes that
       # would make it fixed-output.
-      deleteFixedOutputRelatedAttrs = lib.flip removeAttrs [
+      fixedOutputRelatedAttrs = [
         "outputHashAlgo"
         "outputHash"
         "outputHashMode"
       ];
 
+      # inputDerivation produces the inputs; not the outputs, so any
+      # restrictions on what used to be the outputs don't serve a purpose
+      # anymore.
+      outputCheckAttrs = [
+        "allowedReferences"
+        "allowedRequisites"
+        "disallowedReferences"
+        "disallowedRequisites"
+        "outputChecks"
+      ];
+
     in
 
     extendDerivation validity.handled (
@@ -876,7 +887,7 @@ let
         # needed to enter a nix-shell with
         #   nix-build shell.nix -A inputDerivation
         inputDerivation = derivation (
-          deleteFixedOutputRelatedAttrs derivationArg
+          removeAttrs derivationArg (fixedOutputRelatedAttrs ++ outputCheckAttrs)
           // {
             # Add a name in case the original drv didn't have one
             name = "inputDerivation" + lib.optionalString (derivationArg ? name) "-${derivationArg.name}";
@@ -911,25 +922,6 @@ let
               ''
             ];
           }
-          // (
-            let
-              sharedOutputChecks = {
-                # inputDerivation produces the inputs; not the outputs, so any
-                # restrictions on what used to be the outputs don't serve a purpose
-                # anymore.
-                allowedReferences = null;
-                allowedRequisites = null;
-                disallowedReferences = [ ];
-                disallowedRequisites = [ ];
-              };
-            in
-            if __structuredAttrs then
-              {
-                outputChecks.out = sharedOutputChecks;
-              }
-            else
-              sharedOutputChecks
-          )
         );
 
         inherit passthru overrideAttrs;

From 97c3645990b8183ccec92aa6e5e550dde645fd12 Mon Sep 17 00:00:00 2001
From: Taeer Bar-Yam <taeer@bar-yam.me>
Date: Thu, 11 Dec 2025 00:35:00 +0100
Subject: [PATCH 3/3] stdenv: add tests for inputDerivation with
 allowedReferences, etc.

Co-authored-by: infinisil <github@infinisil.com>

!fixup every test needs a meta field?

!fixup refactor inputDerivation tests

!fixup fix tests
---
 pkgs/test/stdenv/default.nix | 65 ++++++++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)

diff --git a/pkgs/test/stdenv/default.nix b/pkgs/test/stdenv/default.nix
index 3032b5d13b2b5..c11f93df0f5be 100644
--- a/pkgs/test/stdenv/default.nix
+++ b/pkgs/test/stdenv/default.nix
@@ -216,6 +216,22 @@ let
         touch $out
       '';
     };
+
+  testInputDerivationDep = stdenv.mkDerivation {
+    name = "test-input-derivation-dependency";
+    buildCommand = "touch $out";
+  };
+  testInputDerivation =
+    attrs:
+    (stdenv.mkDerivation (
+      attrs
+      // {
+        buildInputs = [ testInputDerivationDep ];
+      }
+    )).inputDerivation
+    // {
+      meta = { };
+    };
 in
 
 {
@@ -356,6 +372,55 @@ in
         touch $out
       '';
 
+  test-inputDerivation-structured = testInputDerivation {
+    name = "test-inDrv-structured";
+    __structuredAttrs = true;
+  };
+
+  test-inputDerivation-allowedReferences = testInputDerivation {
+    name = "test-inDrv-allowedReferences";
+    allowedReferences = [ ];
+  };
+
+  test-inputDerivation-disallowedReferences = testInputDerivation {
+    name = "test-inDrv-disallowedReferences";
+    disallowedReferences = [ "${testInputDerivationDep}" ];
+  };
+
+  test-inputDerivation-allowedRequisites = testInputDerivation {
+    name = "test-inDrv-allowedRequisites";
+    allowedRequisites = [ ];
+  };
+
+  test-inputDerivation-disallowedRequisites = testInputDerivation {
+    name = "test-inDrv-disallowedRequisites";
+    disallowedRequisites = [ "${testInputDerivationDep}" ];
+  };
+
+  test-inputDerivation-structured-allowedReferences = testInputDerivation {
+    name = "test-inDrv-structured-allowedReferences";
+    __structuredAttrs = true;
+    outputChecks.out.allowedReferences = [ ];
+  };
+
+  test-inputDerivation-structured-disallowedReferences = testInputDerivation {
+    name = "test-inDrv-structured-disallowedReferences";
+    __structuredAttrs = true;
+    outputChecks.out.disallowedReferences = [ "${testInputDerivationDep}" ];
+  };
+
+  test-inputDerivation-structured-allowedRequisites = testInputDerivation {
+    name = "test-inDrv-structured-allowedRequisites";
+    __structuredAttrs = true;
+    outputChecks.out.allowedRequisites = [ ];
+  };
+
+  test-inputDerivation-structured-disallowedRequisites = testInputDerivation {
+    name = "test-inDrv-structured-disallowedRequisites";
+    __structuredAttrs = true;
+    outputChecks.out.disallowedRequisites = [ "${testInputDerivationDep}" ];
+  };
+
   test-prepend-append-to-var = testPrependAndAppendToVar {
     name = "test-prepend-append-to-var";
     stdenv' = bootStdenv;