From fbac9d2055aeae2562a49ece65dd15ee6254724b Mon Sep 17 00:00:00 2001 From: langsjo <104687438+langsjo@users.noreply.github.com> Date: Fri, 18 Jul 2025 00:01:54 +0300 Subject: [PATCH] stdenv: assert that `env` is an attrset --- doc/release-notes/rl-2511.section.md | 2 ++ pkgs/stdenv/generic/make-derivation.nix | 23 ++++++++++------------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/doc/release-notes/rl-2511.section.md b/doc/release-notes/rl-2511.section.md index 181621077a77..dcb6c6555c15 100644 --- a/doc/release-notes/rl-2511.section.md +++ b/doc/release-notes/rl-2511.section.md @@ -27,6 +27,8 @@ - `gnome-keyring` no longer ships with an SSH agent anymore because it has been deprecated upstream. You should use `gcr_4` instead, which provides the same features. More information on why this was done can be found on [the relevant GCR upstream PR](https://gitlab.gnome.org/GNOME/gcr/-/merge_requests/67). +- `stdenv.mkDerivation` and other derivation builders that use it no longer allow the value of `env` to be anything but an attribute set, for the purpose of setting environment variables that are available to the [builder](https://nix.dev/manual/nix/latest/store/derivation/#builder) process. An environment variable called `env` can still be provided by means of `mkDerivation { env.env = ...; }`, though we recommend to use a more specific name than "env". + - `conftest` since `0.60.0` has moved to use rego `v1` as default. To continue using `v0` use `--rego-version v0`. For more information about upgrading to Rego v1 syntax, see the [upstream docs](https://www.openpolicyagent.org/docs/latest/v0-upgrade/). - `tooling-language-server` has been renamed to `deputy` (both the package and binary), following the rename of the upstream project. diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix index 457f24e664b0..65cda200c874 100644 --- a/pkgs/stdenv/generic/make-derivation.nix +++ b/pkgs/stdenv/generic/make-derivation.nix @@ -748,18 +748,15 @@ let let mainProgram = meta.mainProgram or null; env' = env // lib.optionalAttrs (mainProgram != null) { NIX_MAIN_PROGRAM = mainProgram; }; - envIsExportable = isAttrs env' && !isDerivation env'; derivationArg = makeDerivationArgument ( - removeAttrs attrs ( - [ - "meta" - "passthru" - "pos" - ] - ++ optional (__structuredAttrs || envIsExportable) "env" - ) - // optionalAttrs __structuredAttrs { env = checkedEnv; } + removeAttrs attrs ([ + "meta" + "passthru" + "pos" + "env" + ]) + // lib.optionalAttrs __structuredAttrs { env = checkedEnv; } // { cmakeFlags = makeCMakeFlags attrs; mesonFlags = makeMesonFlags attrs; @@ -787,8 +784,8 @@ let }"; errors = lib.concatMapStringsSep "\n" makeError overlappingNames; in - assert assertMsg envIsExportable - "When using structured attributes, `env` must be an attribute set of environment variables."; + assert assertMsg (isAttrs env && !isDerivation env) + "`env` must be an attribute set of environment variables. Set `env.env` or pick a more specific name."; assert assertMsg (overlappingNames == [ ]) "The `env` attribute set cannot contain any attributes passed to derivation. The following attributes are overlapping:\n${errors}"; mapAttrs ( @@ -882,7 +879,7 @@ let # should be made available to Nix expressions using the # derivation (e.g., in assertions). passthru - ) (derivation (derivationArg // optionalAttrs envIsExportable checkedEnv)); + ) (derivation (derivationArg // checkedEnv)); in {