Merge master into staging-nixos

Changelog: https://github.com/astral-sh/ruff/releases/tag/0.15.16
Diff: https://github.com/astral-sh/ruff/compare/0.15.15...0.15.16

nixos/doc/manual/release-notes/rl-2611.section.md

@@ -24,6 +24,8 @@
 
 - Python 2 has been removed from the top-level package set, as it is long past end-of-life. The `python2`, `python27`, `python2Full`, `python27Full`, `python2Packages`, and `python27Packages` attributes, along with the legacy `python`, `pythonFull`, and `pythonPackages` aliases, now throw an error directing you to `python3`. The `isPy2` and `isPy27` package flags have been removed accordingly. The only remaining Python 2 interpreter is vendored inside the `resholve` package for its `oil` dependency and is not exposed for general use.
 
+- `systemd.user.extraConfig` has been removed in favor of the structured [](#opt-systemd.user.settings.Manager) option. Use `systemd.user.settings.Manager` to set any `systemd-user.conf(5)` option directly. For example, replace `systemd.user.extraConfig = "DefaultTimeoutStartSec=60";` with `systemd.user.settings.Manager.DefaultTimeoutStartSec = 60;`.
+
 - `services.timesyncd.extraConfig` has been removed in favor of the structured [](#opt-services.timesyncd.settings.Time) option. Use `services.timesyncd.settings.Time` to set any `timesyncd.conf(5)` option directly. For example, replace `services.timesyncd.extraConfig = "PollIntervalMaxSec=180";` with `services.timesyncd.settings.Time.PollIntervalMaxSec = 180;`.
 
 ## Other Notable Changes {#sec-release-26.11-notable-changes}

nixos/lib/testing/driver.nix

@@ -14,7 +14,7 @@ let
 
   inherit (config) sshBackdoor;
 
-  inherit (hostPkgs.stdenv.hostPlatform) isLinux;
+  inherit (hostPkgs.stdenv.hostPlatform) isLinux isAarch64;
 
   # Reifies and correctly wraps the python test driver for
   # the respective qemu version and with or without ocr support
@@ -256,6 +256,10 @@ in
         #
         # If needed, this can still be turned off.
         virtualisation.qemu.enableSharedMemory = lib.mkDefault isLinux;
+        # Needed for screenshots to work (in e.g `nixosTests.login`)
+        virtualisation.qemu.options = lib.optionals (isLinux && isAarch64) [
+          "-device virtio-gpu-pci"
+        ];
 
         assertions = [
           {

nixos/modules/system/boot/systemd.nix

@@ -40,6 +40,7 @@ let
     "network-online.target"
     "nss-lookup.target"
     "nss-user-lookup.target"
+    "time-set.target"
     "time-sync.target"
     "first-boot-complete.target"
   ]
@@ -808,7 +809,7 @@ in
     systemd.targets.remote-fs.unitConfig.X-StopOnReconfiguration = true;
     systemd.services.systemd-importd = lib.mkIf cfg.package.withImportd {
       environment = proxy_env;
-      path = [ pkgs.gnupg ];
+      path = [ pkgs.gnupgMinimal ];
     };
     systemd.services.systemd-pstore.wantedBy = [ "sysinit.target" ]; # see #81138
 

nixos/modules/system/boot/systemd/logind.nix

@@ -64,13 +64,13 @@
     environment.etc."systemd/logind.conf".text =
       utils.systemdUtils.lib.settingsToSections config.services.logind.settings;
 
-    # Restarting systemd-logind breaks X11
+    # Restarting systemd-logind breaks X11 and other user sessions.
+    # However, reloading the service seems to do the trick of loading new configuration without breaking anything.
     # - upstream commit: https://cgit.freedesktop.org/xorg/xserver/commit/?id=dc48bd653c7e101
     # - systemd announcement: https://github.com/systemd/systemd/blob/22043e4317ecd2bc7834b48a6d364de76bb26d91/NEWS#L103-L112
     # - this might be addressed in the future by xorg
     #systemd.services.systemd-logind.restartTriggers = [ config.environment.etc."systemd/logind.conf".source ];
-    systemd.services.systemd-logind.restartIfChanged = false;
-    systemd.services.systemd-logind.stopIfChanged = false;
+    systemd.services.systemd-logind.reloadIfChanged = true;
 
     # The user-runtime-dir@ service is managed by systemd-logind we should not touch it or else we break the users' sessions.
     systemd.services."user-runtime-dir@".stopIfChanged = false;

nixos/modules/system/boot/systemd/sysupdate.nix

@@ -138,7 +138,7 @@ in
 
     systemd.services.systemd-sysupdated = {
       aliases = [ "dbus-org.freedesktop.sysupdate1.service" ];
-      path = [ pkgs.gnupg ];
+      path = [ pkgs.gnupgMinimal ];
     };
 
     systemd.timers = {

nixos/modules/system/boot/systemd/user.nix

@@ -5,16 +5,13 @@
   utils,
   ...
 }:
-with utils;
-with systemdUtils.unitOptions;
-with lib;
 
 let
   cfg = config.systemd.user;
 
   systemd = config.systemd.package;
 
-  inherit (systemdUtils.lib)
+  inherit (utils.systemdUtils.lib)
     generateUnits
     targetToUnit
     serviceToUnit
@@ -53,7 +50,7 @@ let
       user ? null,
     }:
     let
-      suffix = optionalString (user != null) "-${user}";
+      suffix = lib.optionalString (user != null) "-${user}";
     in
     pkgs.writeTextFile {
       name = "nixos-user-tmpfiles.d${suffix}";
@@ -61,74 +58,86 @@ let
       text = ''
         # This file is created automatically and should not be modified.
         # Please change the options ‘systemd.user.tmpfiles’ instead.
-        ${concatStringsSep "\n" rules}
+        ${lib.concatStringsSep "\n" rules}
       '';
     };
 in
 {
+  imports = [
+    (lib.mkRemovedOptionModule [
+      "systemd"
+      "user"
+      "extraConfig"
+    ] "Use systemd.user.settings.Manager instead.")
+  ];
+
   options = {
-    systemd.user.extraConfig = mkOption {
-      default = "";
-      type = types.lines;
-      example = "DefaultTimeoutStartSec=60";
+    systemd.user.settings.Manager = lib.mkOption {
+      default = { };
+      type = lib.types.submodule {
+        freeformType = lib.types.attrsOf utils.systemdUtils.unitOptions.unitOption;
+      };
+      example = {
+        DefaultTimeoutStartSec = 60;
+      };
       description = ''
-        Extra config options for systemd user instances. See {manpage}`systemd-user.conf(5)` for
-        available options.
+        Settings for systemd user instances. See {manpage}`systemd-user.conf(5)`
+        for available options.
       '';
     };
 
-    systemd.user.units = mkOption {
+    systemd.user.units = lib.mkOption {
       description = "Definition of systemd per-user units.";
       default = { };
-      type = systemdUtils.types.units;
+      type = utils.systemdUtils.types.units;
     };
 
-    systemd.user.paths = mkOption {
+    systemd.user.paths = lib.mkOption {
       default = { };
-      type = systemdUtils.types.paths;
+      type = utils.systemdUtils.types.paths;
       description = "Definition of systemd per-user path units.";
     };
 
-    systemd.user.services = mkOption {
+    systemd.user.services = lib.mkOption {
       default = { };
-      type = systemdUtils.types.services;
+      type = utils.systemdUtils.types.services;
       description = "Definition of systemd per-user service units.";
     };
 
-    systemd.user.slices = mkOption {
+    systemd.user.slices = lib.mkOption {
       default = { };
-      type = systemdUtils.types.slices;
+      type = utils.systemdUtils.types.slices;
       description = "Definition of systemd per-user slice units.";
     };
 
-    systemd.user.sockets = mkOption {
+    systemd.user.sockets = lib.mkOption {
       default = { };
-      type = systemdUtils.types.sockets;
+      type = utils.systemdUtils.types.sockets;
       description = "Definition of systemd per-user socket units.";
     };
 
-    systemd.user.targets = mkOption {
+    systemd.user.targets = lib.mkOption {
       default = { };
-      type = systemdUtils.types.targets;
+      type = utils.systemdUtils.types.targets;
       description = "Definition of systemd per-user target units.";
     };
 
-    systemd.user.timers = mkOption {
+    systemd.user.timers = lib.mkOption {
       default = { };
-      type = systemdUtils.types.timers;
+      type = utils.systemdUtils.types.timers;
       description = "Definition of systemd per-user timer units.";
     };
 
     systemd.user.tmpfiles = {
       enable =
-        (mkEnableOption "systemd user units systemd-tmpfiles-setup.service and systemd-tmpfiles-clean.timer")
+        (lib.mkEnableOption "systemd user units systemd-tmpfiles-setup.service and systemd-tmpfiles-clean.timer")
         // {
           default = true;
           example = false;
         };
 
-      rules = mkOption {
-        type = types.listOf types.str;
+      rules = lib.mkOption {
+        type = lib.types.listOf lib.types.str;
         default = [ ];
         example = [ "D %C - - - 7d" ];
         description = ''
@@ -139,17 +148,17 @@ in
         '';
       };
 
-      users = mkOption {
+      users = lib.mkOption {
         description = ''
           Per-user rules for creation, deletion and cleaning of volatile and
           temporary files automatically.
         '';
         default = { };
-        type = types.attrsOf (
-          types.submodule {
+        type = lib.types.attrsOf (
+          lib.types.submodule {
             options = {
-              rules = mkOption {
-                type = types.listOf types.str;
+              rules = lib.mkOption {
+                type = lib.types.listOf lib.types.str;
                 default = [ ];
                 example = [ "D %C - - - 7d" ];
                 description = ''
@@ -165,8 +174,8 @@ in
       };
     };
 
-    systemd.user.generators = mkOption {
-      type = types.attrsOf types.path;
+    systemd.user.generators = lib.mkOption {
+      type = lib.types.attrsOf lib.types.path;
       default = { };
       example = {
         systemd-gpt-auto-generator = "/dev/null";
@@ -179,9 +188,9 @@ in
       '';
     };
 
-    systemd.additionalUpstreamUserUnits = mkOption {
+    systemd.additionalUpstreamUserUnits = lib.mkOption {
       default = [ ];
-      type = types.listOf types.str;
+      type = lib.types.listOf lib.types.str;
       example = [ ];
       description = ''
         Additional units shipped with systemd that should be enabled for per-user systemd instances.
@@ -203,29 +212,26 @@ in
         upstreamWants = [ ];
       };
 
-      "systemd/user.conf".text = ''
-        [Manager]
-        ${cfg.extraConfig}
-      '';
+      "systemd/user.conf".text = utils.systemdUtils.lib.settingsToSections cfg.settings;
     };
 
     systemd.user.units =
-      mapAttrs' (n: v: nameValuePair "${n}.path" (pathToUnit v)) cfg.paths
-      // mapAttrs' (n: v: nameValuePair "${n}.service" (serviceToUnit v)) cfg.services
-      // mapAttrs' (n: v: nameValuePair "${n}.slice" (sliceToUnit v)) cfg.slices
-      // mapAttrs' (n: v: nameValuePair "${n}.socket" (socketToUnit v)) cfg.sockets
-      // mapAttrs' (n: v: nameValuePair "${n}.target" (targetToUnit v)) cfg.targets
-      // mapAttrs' (n: v: nameValuePair "${n}.timer" (timerToUnit v)) cfg.timers;
+      lib.mapAttrs' (n: v: lib.nameValuePair "${n}.path" (pathToUnit v)) cfg.paths
+      // lib.mapAttrs' (n: v: lib.nameValuePair "${n}.service" (serviceToUnit v)) cfg.services
+      // lib.mapAttrs' (n: v: lib.nameValuePair "${n}.slice" (sliceToUnit v)) cfg.slices
+      // lib.mapAttrs' (n: v: lib.nameValuePair "${n}.socket" (socketToUnit v)) cfg.sockets
+      // lib.mapAttrs' (n: v: lib.nameValuePair "${n}.target" (targetToUnit v)) cfg.targets
+      // lib.mapAttrs' (n: v: lib.nameValuePair "${n}.timer" (timerToUnit v)) cfg.timers;
 
     systemd.user.timers = {
       # enable systemd user tmpfiles
-      systemd-tmpfiles-clean.wantedBy = optional cfg.tmpfiles.enable "timers.target";
+      systemd-tmpfiles-clean.wantedBy = lib.optional cfg.tmpfiles.enable "timers.target";
     }
     # Generate timer units for all services that have a ‘startAt’ value.
-    // (mapAttrs (name: service: {
+    // (lib.mapAttrs (name: service: {
       wantedBy = [ "timers.target" ];
       timerConfig.OnCalendar = service.startAt;
-    }) (filterAttrs (name: service: service.startAt != [ ]) cfg.services));
+    }) (lib.filterAttrs (name: service: service.startAt != [ ]) cfg.services));
 
     # Provide the systemd-user PAM service, required to run systemd
     # user instances.
@@ -244,18 +250,19 @@ in
     systemd.services.systemd-user-sessions.restartIfChanged = false; # Restart kills all active sessions.
 
     # enable systemd user tmpfiles
-    systemd.user.services.systemd-tmpfiles-setup.wantedBy = optional cfg.tmpfiles.enable "basic.target";
+    systemd.user.services.systemd-tmpfiles-setup.wantedBy =
+      lib.optional cfg.tmpfiles.enable "basic.target";
 
     # /run/current-system/sw/etc/xdg is in systemd's $XDG_CONFIG_DIRS so we can
     # write the tmpfiles.d rules for everyone there
-    environment.systemPackages = optional (cfg.tmpfiles.rules != [ ]) (writeTmpfiles {
+    environment.systemPackages = lib.optional (cfg.tmpfiles.rules != [ ]) (writeTmpfiles {
       inherit (cfg.tmpfiles) rules;
     });
 
     # /etc/profiles/per-user/$USER/etc/xdg is in systemd's $XDG_CONFIG_DIRS so
     # we can write a single user's tmpfiles.d rules there
-    users.users = mapAttrs (user: cfg': {
-      packages = optional (cfg'.rules != [ ]) (writeTmpfiles {
+    users.users = lib.mapAttrs (user: cfg': {
+      packages = lib.optional (cfg'.rules != [ ]) (writeTmpfiles {
         inherit (cfg') rules;
         inherit user;
       });

nixos/modules/testing/test-instrumentation.nix

@@ -238,11 +238,11 @@ in
     '';
 
     systemd.settings.Manager = managerSettings;
-    systemd.user.extraConfig = ''
+    systemd.user.settings.Manager = {
       # Allow very slow start
-      DefaultTimeoutStartSec=300
-      DefaultDeviceTimeoutSec=300
-    '';
+      DefaultTimeoutStartSec = 300;
+      DefaultDeviceTimeoutSec = 300;
+    };
 
     boot.consoleLogLevel = 7;
 

nixos/modules/virtualisation/qemu-vm.nix

@@ -1379,7 +1379,6 @@ in
         "-device usb-tablet,bus=usb-bus.0"
       ])
       (mkIf pkgs.stdenv.hostPlatform.isAarch [
-        "-device virtio-gpu-pci"
         "-device usb-ehci,id=usb0"
         "-device usb-kbd"
         "-device usb-tablet"

nixos/tests/all-tests.nix

@@ -1670,6 +1670,7 @@ in
   systemd-timesyncd-nscd-dnssec = runTest ./systemd-timesyncd-nscd-dnssec.nix;
   systemd-user-linger = runTest ./systemd-user-linger.nix;
   systemd-user-linger-purge = runTest ./systemd-user-linger-purge.nix;
+  systemd-user-settings = runTest ./systemd-user-settings.nix;
   systemd-user-tmpfiles-rules = runTest ./systemd-user-tmpfiles-rules.nix;
   systemd-userdbd = runTest ./systemd-userdbd.nix;
   systemtap = handleTest ./systemtap.nix { };

nixos/tests/systemd-user-settings.nix

@@ -0,0 +1,24 @@
+{
+  name = "systemd-user-settings";
+  meta = {
+    maintainers = [ ];
+  };
+
+  nodes.machine =
+    { lib, ... }:
+    {
+      systemd.user.settings.Manager = {
+        DefaultTimeoutStartSec = lib.mkForce "60";
+        DefaultEnvironment = "FOO=bar";
+      };
+    };
+
+  testScript = ''
+    machine.wait_for_unit("multi-user.target")
+
+    with subtest("settings.Manager renders user.conf"):
+      machine.succeed("grep -F '[Manager]' /etc/systemd/user.conf")
+      machine.succeed("grep -F 'DefaultTimeoutStartSec=60' /etc/systemd/user.conf")
+      machine.succeed("grep -F 'DefaultEnvironment=FOO=bar' /etc/systemd/user.conf")
+  '';
+}

nixos/tests/systemd.nix

@@ -34,7 +34,7 @@
         RebootWatchdogSec = "10min";
         KExecWatchdogSec = "5min";
       };
-      systemd.user.extraConfig = "DefaultEnvironment=\"XXX_USER=bar\"";
+      systemd.user.settings.Manager.DefaultEnvironment = "\"XXX_USER=bar\"";
       services.journald.extraConfig = "Storage=volatile";
       test-support.displayManager.auto.user = "alice";
 

pkgs/by-name/ni/nixos-rebuild-ng/nixos-rebuild.8.scd

@@ -314,13 +314,16 @@ It must be one of the following:
 	be made using _nixos_ function in nixpkgs or importing and calling
 	nixos/lib/eval-config.nix from nixpkgs. If specified without *--attr*
 	option, builds the configuration from the top-level attribute set of the
-	file.
+	file. Using this option disables automatic flake detection, same as
+	*--no-flake*.
 
 *--attr* _attrPath_, *-A* _attrPath_
 	Build the NixOS system from a nix file and use the specified
 	attribute path from the file specified by the *--file* option.
 	If specified without *--file* option, uses _system.nix_ in current directory,
 	the system-wide _<nixos-system>_ file, or finally, /etc/nixos/system.nix.
+	Using this option disables automatic flake detection, same as
+	*--no-flake*.
 
 *--flake* _flake-uri[#name]_, *-F* _flake-uri[#name]_
 	Build the NixOS system from the specified flake. It defaults to the
@@ -379,6 +382,10 @@ NIX_SSHOPTS
 NIX_SUDOOPTS
 	Additional options to be passed to sudo on the command line.
 
+NIXOS_REBUILD_NO_SYSTEMD_RUN
+	If set, then *nixos-rebuild* will run without the
+	_systemd-run_ wrapper.
+
 # FILES
 
 /etc/nixos/system.nix

pkgs/by-name/ni/nixos-rebuild-ng/src/nixos_rebuild/__init__.py

@@ -329,6 +329,10 @@ def parse_args(
     if args.flake and (args.file or args.attr):
         parser.error("--flake cannot be used with --file or --attr")
 
+    if (args.file or args.attr) and args.flake is None:
+        # Disable flake auto-detection when --file or --attr is used
+        args.flake = False
+
     if args.store_path:
         if args.rollback:
             parser.error("--store-path and --rollback are mutually exclusive")

pkgs/by-name/ni/nixos-rebuild-ng/src/nixos_rebuild/nix.py

@@ -708,6 +708,8 @@ def switch_to_configuration(
             "not working in target host"
         )
         cmd = []
+    elif os.environ.get("NIXOS_REBUILD_NO_SYSTEMD_RUN"):
+        cmd = []
 
     run_wrapper(
         [*cmd, path_to_config / "bin/switch-to-configuration", str(action)],

pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_main.py

@@ -89,6 +89,22 @@ def test_parse_args() -> None:
     assert r_store_path.flake is False
     assert r_store_path.store_path == "/nix/store/foo"
 
+    # --file and --attr should disable flake auto-detection
+    r_file, _ = nr.parse_args(["nixos-rebuild", "switch", "--file", "foo.nix"])
+    assert r_file.flake is False
+    assert r_file.file == "foo.nix"
+
+    r_attr, _ = nr.parse_args(["nixos-rebuild", "switch", "--attr", "bar"])
+    assert r_attr.flake is False
+    assert r_attr.attr == "bar"
+
+    r_file_attr, _ = nr.parse_args(
+        ["nixos-rebuild", "switch", "--file", "foo.nix", "--attr", "bar"]
+    )
+    assert r_file_attr.flake is False
+    assert r_file_attr.file == "foo.nix"
+    assert r_file_attr.attr == "bar"
+
     r1, g1 = nr.parse_args(
         [
             "nixos-rebuild",

pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_nix.py

@@ -819,6 +819,38 @@ def test_switch_to_configuration_without_systemd_run(
     )
 
 
+@patch(get_qualified_name(n.run_wrapper, n), autospec=True)
+def test_switch_to_configuration_without_systemd_run_env_var(
+    mock_run: Any, monkeypatch: MonkeyPatch
+) -> None:
+    profile_path = Path("/path/to/profile")
+    mock_run.return_value = CompletedProcess([], 0)
+
+    with monkeypatch.context() as mp:
+        mp.setenv("LOCALE_ARCHIVE", "")
+        mp.setenv("NIXOS_REBUILD_NO_SYSTEMD_RUN", "1")
+
+        n.switch_to_configuration(
+            profile_path,
+            m.Action.SWITCH,
+            elevate=e.NO_ELEVATOR,
+            target_host=None,
+            specialisation=None,
+            install_bootloader=False,
+        )
+    mock_run.assert_called_with(
+        [profile_path / "bin/switch-to-configuration", "switch"],
+        env={
+            "LOCALE_ARCHIVE": e.PRESERVE_ENV,
+            "NIXOS_NO_CHECK": e.PRESERVE_ENV,
+            "NIXOS_INSTALL_BOOTLOADER": "0",
+        },
+        elevate=e.NO_ELEVATOR,
+        remote=None,
+        stdout=sys.stderr,
+    )
+
+
 @patch(get_qualified_name(n.run_wrapper, n), autospec=True)
 def test_switch_to_configuration_with_systemd_run(
     mock_run: Mock, monkeypatch: MonkeyPatch

pkgs/by-name/ru/ruff/package.nix

@@ -16,7 +16,7 @@
 
 rustPlatform.buildRustPackage (finalAttrs: {
   pname = "ruff";
-  version = "0.15.15";
+  version = "0.15.16";
 
   __structuredAttrs = true;
 
@@ -24,12 +24,12 @@ rustPlatform.buildRustPackage (finalAttrs: {
     owner = "astral-sh";
     repo = "ruff";
     tag = finalAttrs.version;
-    hash = "sha256-WpjOOCYLZ1d8XPUx3qNHD+fuK6t65u/1/ZezABWpBD0=";
+    hash = "sha256-krmHCLijp+D4gBjKV9cdicPob4ry5I6QwB3MUz0z7zA=";
   };
 
   cargoBuildFlags = [ "--package=ruff" ];
 
-  cargoHash = "sha256-SfkoLl43Y1DNqIRW+HljVcEHWhedTS99SGhMvkQ4dmo=";
+  cargoHash = "sha256-d2iV7iWf7lVhj1Bbaxxk5Zao4KK3oC7whppRvk0erzA=";
 
   nativeBuildInputs = [ installShellFiles ];
 

pkgs/by-name/ty/ty/package.nix

@@ -17,7 +17,7 @@
 
 rustPlatform.buildRustPackage (finalAttrs: {
   pname = "ty";
-  version = "0.0.40";
+  version = "0.0.44";
   __structuredAttrs = true;
 
   src = fetchFromGitHub {
@@ -25,7 +25,7 @@ rustPlatform.buildRustPackage (finalAttrs: {
     repo = "ty";
     tag = finalAttrs.version;
     fetchSubmodules = true;
-    hash = "sha256-kdfPnyQXYtf3BDrYCFGfX0bMoPGjRpyH3aUeRZBiUKY=";
+    hash = "sha256-P19+C6u0mkIrR0H8M/l7Wn3r8JSY4Ul9p64oXaLdWCQ=";
   };
 
   # For Darwin platforms, remove the integration test for file notifications,
@@ -39,7 +39,7 @@ rustPlatform.buildRustPackage (finalAttrs: {
 
   cargoBuildFlags = [ "--package=ty" ];
 
-  cargoHash = "sha256-yUbHTzUGNdpm3b1s/SkcpFGdp7WjN+xO+CVrPPwrh6A=";
+  cargoHash = "sha256-d2iV7iWf7lVhj1Bbaxxk5Zao4KK3oC7whppRvk0erzA=";
 
   nativeBuildInputs = [ installShellFiles ];
   buildInputs = [ rust-jemalloc-sys ];

pkgs/os-specific/linux/kernel/common-config.nix

@@ -248,6 +248,10 @@ let
       BOUNCE = option yes;
     };
 
+    iommu = lib.optionalAttrs stdenv.hostPlatform.isAarch64 {
+      ARM_SMMU_V3_SVA = whenAtLeast "5.9" yes;
+    };
+
     memtest = {
       MEMTEST = yes;
     };

pkgs/pkgs-lib/formats.nix

@@ -142,14 +142,12 @@ optionalAttrs allowAliases aliases
           runCommand name
             {
               nativeBuildInputs = [ jq ];
-              value = builtins.toJSON value;
+              inherit value;
               preferLocalBuild = true;
               __structuredAttrs = true;
             }
             ''
-              valuePath="$TMPDIR/value"
-              printf "%s" "$value" > "$valuePath"
-              jq . "$valuePath" > $out
+              jq .value "$NIX_ATTRS_JSON_FILE" > $out
             ''
         ) { };
 
@@ -167,14 +165,12 @@ optionalAttrs allowAliases aliases
           runCommand name
             {
               nativeBuildInputs = [ remarshal_0_17 ];
-              value = builtins.toJSON value;
+              inherit value;
               preferLocalBuild = true;
               __structuredAttrs = true;
             }
             ''
-              valuePath="$TMPDIR/value"
-              printf "%s" "$value" > "$valuePath"
-              json2yaml "$valuePath" "$out"
+              json2yaml --unwrap value "$NIX_ATTRS_JSON_FILE" "$out"
             ''
         ) { };
 
@@ -192,14 +188,12 @@ optionalAttrs allowAliases aliases
           runCommand name
             {
               nativeBuildInputs = [ remarshal ];
-              value = builtins.toJSON value;
+              inherit value;
               preferLocalBuild = true;
               __structuredAttrs = true;
             }
             ''
-              valuePath="$TMPDIR/value"
-              printf "%s" "$value" > "$valuePath"
-              json2yaml "$valuePath" "$out"
+              json2yaml --unwrap value "$NIX_ATTRS_JSON_FILE" "$out"
             ''
         ) { };
 
@@ -938,8 +932,8 @@ optionalAttrs allowAliases aliases
                 python3
                 black
               ];
-              imports = builtins.toJSON (value._imports or [ ]);
-              value = builtins.toJSON (removeAttrs value [ "_imports" ]);
+              imports = value._imports or [ ];
+              value = removeAttrs value [ "_imports" ];
               pythonGen = pkgs.writeText "pythonGen" ''
                 import json
                 import os
@@ -962,26 +956,20 @@ optionalAttrs allowAliases aliases
                     else:
                         return repr(value)
 
-                with open(os.environ["importsPath"], "r") as f:
-                    imports = json.load(f)
-                    if imports is not None:
-                        for i in imports:
+                with open(os.environ["NIX_ATTRS_JSON_FILE"], "r") as f:
+                    attrs = json.load(f)
+                    if attrs["imports"] is not None:
+                        for i in attrs["imports"]:
                             print(f"import {i}")
                         print()
 
-                with open(os.environ["valuePath"], "r") as f:
-                    for key, value in json.load(f).items():
+                    for key, value in attrs["value"].items():
                         print(f"{key} = {recursive_repr(value)}")
               '';
               preferLocalBuild = true;
               __structuredAttrs = true;
             }
             ''
-              export importsPath="$TMPDIR/imports"
-              printf "%s" "$imports" > "$importsPath"
-              export valuePath="$TMPDIR/value"
-              printf "%s" "$value" > "$valuePath"
-              cat "$valuePath"
               python3 "$pythonGen" > $out
               black $out
             ''
@@ -1011,14 +999,14 @@ optionalAttrs allowAliases aliases
                   python3Packages.xmltodict
                   libxml2Python
                 ];
-                value = builtins.toJSON value;
+                inherit value;
                 pythonGen = pkgs.writeText "pythonGen" ''
                   import json
                   import os
                   import xmltodict
 
-                  with open(os.environ["valuePath"], "r") as f:
-                      print(xmltodict.unparse(json.load(f), full_document=${
+                  with open(os.environ["NIX_ATTRS_JSON_FILE"], "r") as f:
+                      print(xmltodict.unparse(json.load(f)["value"], full_document=${
                         if withHeader then "True" else "False"
                       }, pretty=True, indent=" " * 2))
                 '';
@@ -1026,8 +1014,6 @@ optionalAttrs allowAliases aliases
                 __structuredAttrs = true;
               }
               ''
-                export valuePath="$TMPDIR/value"
-                printf "%s" "$value" > "$valuePath"
                 python3 "$pythonGen" > $out
                 xmllint $out > /dev/null
               ''

pkgs/top-level/all-packages.nix

@@ -2284,6 +2284,10 @@ with pkgs;
     pinentry = if stdenv.hostPlatform.isDarwin then pinentry_mac else pinentry-gtk2;
   };
   gnupg = gnupg24;
+  gnupgMinimal = gnupg.override {
+    enableMinimal = true;
+    guiSupport = false;
+  };
 
   gnused = callPackage ../tools/text/gnused { };