partitions: incompatible with flakes as inputs that use flake-parts

[antifuchs]

I'm currently porting https://github.com/boinkor-net/tsnsrv/'s flake over to using partitions, so my downstream users don't have to endure my dev dependencies. Unfortunately, one of my dev dependencies is https://github.com/antifuchs/generate-go-sri, which itself uses flake-parts. When that is an input on my dev flake and I put inputs.generate-go-sri.flakeModules.default on the dev flake module's imports, I get the following error:

git+file:///Users/asf/Hacks/tsnsrv
error:
       … while calling the 'head' builtin
         at /nix/store/fkjds639pw6ykj3zib7cp4y9i9h6ka9w-source/attrsets.nix:1575:11:
         1574|         || pred here (elemAt values 1) (head values) then
         1575|           head values
             |           ^
         1576|         else

       … while evaluating the attribute 'value'
         at /nix/store/fkjds639pw6ykj3zib7cp4y9i9h6ka9w-source/modules.nix:821:9:
          820|     in warnDeprecation opt //
          821|       { value = addErrorContext "while evaluating the option `${showOption loc}':" value;
             |         ^
          822|         inherit (res.defsFinal') highestPrio;

       (stack trace truncated; use '--show-trace' to show the full trace)

       error: access to absolute path '/nix/store/8ql43f4sxqh1dbpqy2q5jz11zdwf9832-source' is forbidden in pure eval mode (use '--impure' to override)

Where that "absolute" store path is flake-parts' locked revision in generate-go-sri. Does that mean it's only possible to use flakes that don't themselves use flake-parts as deps in partitions, or is there another way?

Things I tried

Set inputs.flake-parts.follows = ""; on the dev flake's generate-go-sri input:

That results in a flake that loads, but then the apps and devShells attrsets fail to evaluate:

nix-repl> :lf .
warning: Git tree '/Users/asf/Hacks/tsnsrv' is dirty
Added 20 variables.

nix-repl> devShells
error:
       … while calling the 'head' builtin
         at /nix/store/fkjds639pw6ykj3zib7cp4y9i9h6ka9w-source/attrsets.nix:1575:11:
         1574|         || pred here (elemAt values 1) (head values) then
         1575|           head values
             |           ^
         1576|         else

       … while evaluating the attribute 'value'
         at /nix/store/fkjds639pw6ykj3zib7cp4y9i9h6ka9w-source/modules.nix:821:9:
          820|     in warnDeprecation opt //
          821|       { value = addErrorContext "while evaluating the option `${showOption loc}':" value;
             |         ^
          822|         inherit (res.defsFinal') highestPrio;

       (stack trace truncated; use '--show-trace' to show the full trace)

       error: attribute 'lib' missing
       at /nix/store/gz2mfkijfjlkvkrb9aqlrjn619nccx3c-source/flake.nix:9:5:
            8|   outputs = inputs @ {flake-parts, ...}:
            9|     flake-parts.lib.mkFlake {inherit inputs;} ({
             |     ^
           10|       withSystem,

Comment out all usages of generate-go-sri

That works, but prevents me from generating the SRI hash for the go package, which isn't a great development experience.

[antifuchs]

Forgot to mention: You can find the work I'm doing at this rev: https://github.com/boinkor-net/tsnsrv/commit/005e3771e8bd62867153fcfea43ce563c2c11d66

[antifuchs]

I have fixed the immediate issue by eliminating all flake utility libraries from generate-go-sri's inputs (using lib.genAttrs), but this seems like a precarious situation for any downstream library to be in...

[roberth]

I've tried this, but it works:

$ nix repl github:boinkor-net/tsnsrv/005e3771e8bd62867153fcfea43ce563c2c11d66
Nix 2.25.0pre20240910_9c0e968
Type :? for help.
Loading installable 'github:boinkor-net/tsnsrv/005e3771e8bd62867153fcfea43ce563c2c11d66#'...
Added 9 variables.
nix-repl> devShells
{
  aarch64-darwin = { ... };
  aarch64-linux = { ... };
  x86_64-darwin = { ... };
  x86_64-linux = { ... };
}

It also works for Nix 2.18.6, but not in Nix 2.13. Assuming this is the cause for you, could you update to at least 2.18? Older versions are not supported by the Nix team, and they contain unpatched vulnerabilities.

[antifuchs]

Hm, so I can't replicate this. Made the following branch fp-bug-report in the tsnsrv repo to pin the thing we're testing. With that checked out:

:;    nix run github:nixos/nix/2.18.6 -- flake show
git+file:///Users/asf/Hacks/tsnsrv?ref=refs/heads/fp-bug-report&rev=005e3771e8bd62867153fcfea43ce563c2c11d66
error:
       … while calling the 'head' builtin

         at /nix/store/fkjds639pw6ykj3zib7cp4y9i9h6ka9w-source/attrsets.nix:1575:11:

         1574|         || pred here (elemAt values 1) (head values) then
         1575|           head values
             |           ^
         1576|         else

       … while evaluating the attribute 'value'

         at /nix/store/fkjds639pw6ykj3zib7cp4y9i9h6ka9w-source/modules.nix:821:9:

          820|     in warnDeprecation opt //
          821|       { value = addErrorContext "while evaluating the option `${showOption loc}':" value;
             |         ^
          822|         inherit (res.defsFinal') highestPrio;

       (stack trace truncated; use '--show-trace' to show the full trace)

       error: access to absolute path '/nix/store/8ql43f4sxqh1dbpqy2q5jz11zdwf9832-source' is forbidden in pure eval mode (use '--impure' to override)

Same with nix 2.24.6:

:;    nix run github:nixos/nix/2.24.6 -- flake show
warning: unknown experimental feature 'repl-flake'
git+file:///Users/asf/Hacks/tsnsrv?ref=refs/heads/fp-bug-report&rev=005e3771e8bd62867153fcfea43ce563c2c11d66
error:
       … while calling the 'head' builtin
         at /nix/store/fkjds639pw6ykj3zib7cp4y9i9h6ka9w-source/attrsets.nix:1575:11:
         1574|         || pred here (elemAt values 1) (head values) then
         1575|           head values
             |           ^
         1576|         else

       … while evaluating the attribute 'value'
         at /nix/store/fkjds639pw6ykj3zib7cp4y9i9h6ka9w-source/modules.nix:821:9:
          820|     in warnDeprecation opt //
          821|       { value = addErrorContext "while evaluating the option `${showOption loc}':" value;
             |         ^
          822|         inherit (res.defsFinal') highestPrio;

       … while evaluating the option `flake.apps':

       … while evaluating the option `partitions.dev.module':

       … while evaluating definitions from `/nix/store/vmxpp69qfl29zis707vl6pi97b6x6wg6-source/extras/partitions.nix':

       (stack trace truncated; use '--show-trace' to show the full, detailed trace)

       error: access to absolute path '/nix/store/8ql43f4sxqh1dbpqy2q5jz11zdwf9832-source' is forbidden in pure evaluation mode (use '--impure' to override)

...and the same with my system nix, nix (Lix, like Nix) 2.91.0-pre20240820-ed51a17