Removes the build time dependency on pkg-config if python3 is build with the `withMinimal` flag enabled
This change is driven by the motivation to use python3 earlier in stdenv for hooks.
Make python3 minimal truly minimal by disabling some more dependencies.
This makes it easy to bootstrap python.
After this, the only remaining runtime deps for python3Minimal are:
- bash (for launching subprocesses with shell=True)
- libc
- libgcc
- libffi
All remaining deps seem to be fundamental and cannot be further reduced, except bash which could potentially be removed and replaced with `$SHELL` at runtime.
Done:
- add some more withXXX switches to the cpython package
- use new switches in python3Minimal to disable some deps
- set some other deps to null in python3Minimal
- Set `allowedReferences` to guarantee that the closure remains minimal in the future.
They are not doing anything right now. This is in preparation for their
complete removal from the tree.
Note: several changes that affect the derivation inputs (e.g. removal of
references to stub paths in build instructions) were left out. They will
be cleaned up the next iteration and will require special care.
Note: this PR is a result of a mix of ugly regex (not AST) based
automation and some manual labor. For reference, the regex automation
part was hacked in: https://github.com/booxter/nix-clean-apple_sdk
Signed-off-by: Ihar Hrachyshka <ihar.hrachyshka@gmail.com>
This reverts commit 65a333600d.
This wasn't tested for correctness with something like fodwatch [0],
and should not have been (self-)merged so quickly, especially without
further review.
It also resulted in the breakage of at least one package [1] (and that's
the one we know of and was caught).
A few packages that were updated in between this commit and this revert
were not reverted back to using `rev`, but other than that, this is a
1:1 revert.
[0]: https://codeberg.org/raphaelr/fodwatch
[1]: https://github.com/NixOS/nixpkgs/pull/396904 / 758551e458
An attempt to address #338231. The current release of nixpkgs takes over
20GB of memory to evaluate python when the interpreter is overriden.
This adds memoization to the spliced python packages to avoid
evaluating all the commbinations of overrides.
Format all Nix files using the officially approved formatter,
making the CI check introduced in the previous commit succeed:
nix-build ci -A fmt.check
This is the next step of the of the [implementation](https://github.com/NixOS/nixfmt/issues/153)
of the accepted [RFC 166](https://github.com/NixOS/rfcs/pull/166).
This commit will lead to merge conflicts for a number of PRs,
up to an estimated ~1100 (~33%) among the PRs with activity in the past 2
months, but that should be lower than what it would be without the previous
[partial treewide format](https://github.com/NixOS/nixpkgs/pull/322537).
Merge conflicts caused by this commit can now automatically be resolved while rebasing using the
[auto-rebase script](8616af08d9/maintainers/scripts/auto-rebase).
If you run into any problems regarding any of this, please reach out to the
[formatting team](https://nixos.org/community/teams/formatting/) by
pinging @NixOS/nix-formatting.
* util-linuxMinimal: build without pam and shadow
These depend on python via audit preventing the use of libuuid from
util-linux in python builds.
* cpython: provide libuuid for the _uuid module
Relying on libuuid offers synchronization primitives, so that "no two
processes can obtain the same UUID"¹.
[1] https://docs.python.org/3/library/uuid.html#module-uuid
The status quo of `bash` not being interactive is frustrating for many users,
because trying to use it interactively is just messed up, and
`bashInteractive` is not intuitive and barely discoverable.
This was brought to my (and many others) attention by @stahnma in his
[talk at CfgMgmtCamp 2025](https://cfp.cfgmgmtcamp.org/ghent2025/talk/YUVUTN/),
where he highlighted this as one of the frustrations he ran into when
learning Nix.
Why this is fine:
- No reason for not making interactive the default was given in the original commit (6c6ff6f36f), but probably it was due to the increase in closure size
- The closure size only increases by 6.9MiB (19.5%) today, with the
added dependency on the store paths for readline and ncurses, which
are needed on systems in almost all cases anyways
- If somebody really needs to get a more minimal system, they can use
the newly-introduced `bashNonInteractive` instead now
- Though to apply it consistently, they'll need to do that in an
overlay like
```
final: prev: {
bash = self.bashNonInteractive;
}
```
Or alternatively using the `system.replaceDependencies.replacements`
NixOS option approach.
While there's also other such `*Interactive` packages that could use the
same treatment, `bash` is a great start.
This was already attempted before in
https://github.com/NixOS/nixpkgs/pull/151227, but was not continued for
unknown reason.
To avoid stdenv becoming bigger, all uses of bash in the (working)
stdenv's are changed to the explicitly non-interactive version here.
This commit will however still cause a mass rebuild for all packages (and reverse deps)
making use of the default bash.
