From 93681a52a5bff48ecf434d3225588c1c99c1e853 Mon Sep 17 00:00:00 2001 From: Linus Heckemann Date: Fri, 28 Jan 2022 08:16:57 +0100 Subject: [PATCH 1/3] stdenv: check that all inputs are of an appropriate type Fixes #24462 --- pkgs/stdenv/generic/make-derivation.nix | 30 ++++++++++++++----------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix index 2465449867c..6bd31de83df 100644 --- a/pkgs/stdenv/generic/make-derivation.nix +++ b/pkgs/stdenv/generic/make-derivation.nix @@ -128,6 +128,10 @@ let else lib.subtractLists hardeningDisable (defaultHardeningFlags ++ hardeningEnable); # hardeningDisable additionally supports "all". erroneousHardeningFlags = lib.subtractLists supportedHardeningFlags (hardeningEnable ++ lib.remove "all" hardeningDisable); + + checkDependencyList = name: deps: lib.flip lib.imap1 deps (index: dep: + if lib.isDerivation dep || isNull dep || builtins.typeOf dep == "path" then dep + else throw "Dependency is not of a valid type: element ${toString index} of ${name} for ${attrs.name or attrs.pname}"); in if builtins.length erroneousHardeningFlags != 0 then abort ("mkDerivation was called with unsupported hardening flags: " + lib.generators.toPretty {} { inherit erroneousHardeningFlags hardeningDisable hardeningEnable supportedHardeningFlags; 
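Review bot: The `throw` in `checkDependencyList` names the list and the index but not what was actually found there, so whoever hits it still has to evaluate the element by hand to learn whether it was a function, a plain attribute set or something else. Ending the message with ` (got ${builtins.typeOf dep})` would make the failure self-explanatory. A one-line comment above the definition would also help, e.g. `# Dependencies must be derivations, paths or null; anything else is rejected at evaluation time.` The `let` block that holds this definition starts outside the hunk.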
@@ -143,34 +147,34 @@ else let dependencies = map (map lib.chooseDevOutputs) [ [ - (map (drv: drv.__spliced.buildBuild or drv) depsBuildBuild) - (map (drv: drv.nativeDrv or drv) nativeBuildInputs + (map (drv: drv.__spliced.buildBuild or drv) (checkDependencyList "depsBuildBuild" depsBuildBuild)) + (map (drv: drv.nativeDrv or drv) (checkDependencyList "nativeBuildInputs" nativeBuildInputs ++ lib.optional separateDebugInfo' ../../build-support/setup-hooks/separate-debug-info.sh ++ lib.optional stdenv.hostPlatform.isWindows ../../build-support/setup-hooks/win-dll-link.sh ++ lib.optionals doCheck checkInputs - ++ lib.optionals doInstallCheck' installCheckInputs) - (map (drv: drv.__spliced.buildTarget or drv) depsBuildTarget) + ++ lib.optionals doInstallCheck' installCheckInputs)) + (map (drv: drv.__spliced.buildTarget or drv) (checkDependencyList "depsBuildTarget" depsBuildTarget)) ] [ - (map (drv: drv.__spliced.hostHost or drv) depsHostHost) - (map (drv: drv.crossDrv or drv) buildInputs) + (map (drv: drv.__spliced.hostHost or drv) (checkDependencyList "depsHostHost" depsHostHost)) + (map (drv: drv.crossDrv or drv) (checkDependencyList "buildInputs" buildInputs)) ] [ - (map (drv: drv.__spliced.targetTarget or drv) depsTargetTarget) + (map (drv: drv.__spliced.targetTarget or drv) (checkDependencyList "depsTargetTarget" depsTargetTarget)) ] ]; propagatedDependencies = map (map lib.chooseDevOutputs) [ [ - (map (drv: drv.__spliced.buildBuild or drv) depsBuildBuildPropagated) - (map (drv: drv.nativeDrv or drv) propagatedNativeBuildInputs) - (map (drv: drv.__spliced.buildTarget or drv) depsBuildTargetPropagated) + (map (drv: drv.__spliced.buildBuild or drv) (checkDependencyList "depsBuildBuildPropagated" depsBuildBuildPropagated)) + (map (drv: drv.nativeDrv or drv) (checkDependencyList "propagatedNativeBuildInputs" propagatedNativeBuildInputs)) + (map (drv: drv.__spliced.buildTarget or drv) (checkDependencyList "depsBuildTargetPropagated" depsBuildTargetPropagated)) ] [ - 
(map (drv: drv.__spliced.hostHost or drv) depsHostHostPropagated) - (map (drv: drv.crossDrv or drv) propagatedBuildInputs) + (map (drv: drv.__spliced.hostHost or drv) (checkDependencyList "depsHostHostPropagated" depsHostHostPropagated)) + (map (drv: drv.crossDrv or drv) (checkDependencyList "propagatedBuildInputs" propagatedBuildInputs)) ] [ - (map (drv: drv.__spliced.targetTarget or drv) depsTargetTargetPropagated) + (map (drv: drv.__spliced.targetTarget or drv) (checkDependencyList "depsTargetTargetPropagated" depsTargetTargetPropagated)) ] ]; From 235fe92e4268dfeb681dcb07273b152579592ea4 Mon Sep 17 00:00:00 2001 From: Linus Heckemann Date: Tue, 5 Apr 2022 12:18:04 +0200 Subject: [PATCH 2/3] make-derivation: allow nested lists in buildInputs This isn't really desirable in general, but given that Nix itself currently relies on this behaviour and that we don't want to break backwards compatibility we should support it for now, maybe deprecating it in the future. --- pkgs/stdenv/generic/make-derivation.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix index 6bd31de83df..eb4f7e59490 100644 --- a/pkgs/stdenv/generic/make-derivation.nix +++ b/pkgs/stdenv/generic/make-derivation.nix 
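Review bot: In the `nativeBuildInputs` entry the new check covers only `nativeBuildInputs` itself, because function application binds tighter than `++`. `checkInputs` and `installCheckInputs` are appended afterwards and reach the dependency list unvalidated. If the intent is to check all inputs, as the subject line says, wrap them separately so the error names the right attribute: `++ lib.optionals doCheck (checkDependencyList "checkInputs" checkInputs)` and `++ lib.optionals doInstallCheck' (checkDependencyList "installCheckInputs" installCheckInputs)`. The enclosing `let` starts before this hunk.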
@@ -129,9 +129,11 @@ let # hardeningDisable additionally supports "all". erroneousHardeningFlags = lib.subtractLists supportedHardeningFlags (hardeningEnable ++ lib.remove "all" hardeningDisable); - checkDependencyList = name: deps: lib.flip lib.imap1 deps (index: dep: + checkDependencyList = checkDependencyList' []; + checkDependencyList' = positions: name: deps: lib.flip lib.imap1 deps (index: dep: if lib.isDerivation dep || isNull dep || builtins.typeOf dep == "path" then dep - else throw "Dependency is not of a valid type: element ${toString index} of ${name} for ${attrs.name or attrs.pname}"); + else if lib.isList dep then checkDependencyList' ([index] ++ positions) name dep + else throw "Dependency is not of a valid type: ${lib.concatMapStrings (ix: "element ${toString ix} of ") ([index] ++ positions)}${name} for ${attrs.name or attrs.pname}"); in if builtins.length erroneousHardeningFlags != 0 then abort ("mkDerivation was called with unsupported hardening flags: " + lib.generators.toPretty {} { inherit erroneousHardeningFlags hardeningDisable hardeningEnable supportedHardeningFlags; From b3e88559999d7d0332d3415594be1c30edbc0722 Mon Sep 17 00:00:00 2001 From: Linus Heckemann Date: Sat, 7 May 2022 10:42:50 +0200 Subject: [PATCH 3/3] make-derivation: allow strings in build input lists --- pkgs/stdenv/generic/make-derivation.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix index eb4f7e59490..179926722be 100644 --- a/pkgs/stdenv/generic/make-derivation.nix +++ b/pkgs/stdenv/generic/make-derivation.nix 
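Review bot: Nothing near the new `lib.isList` branch of `checkDependencyList'` records that nested lists are tolerated only for backwards compatibility. That rationale lives in the commit message alone, so a later reader may take nesting for a supported feature. I would add a comment above the branch, e.g. `# Nested lists are accepted only for backwards compatibility (Nix itself relies on this); may be deprecated.` A second short comment could say that `positions` is kept innermost-first so the message reads "element 2 of element 1 of buildInputs". The `let` block this sits in begins outside the hunk.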
@@ -131,7 +131,7 @@ let checkDependencyList = checkDependencyList' []; checkDependencyList' = positions: name: deps: lib.flip lib.imap1 deps (index: dep: - if lib.isDerivation dep || isNull dep || builtins.typeOf dep == "path" then dep + if lib.isDerivation dep || isNull dep || builtins.typeOf dep == "string" || builtins.typeOf dep == "path" then dep else if lib.isList dep then checkDependencyList' ([index] ++ positions) name dep else throw "Dependency is not of a valid type: ${lib.concatMapStrings (ix: "element ${toString ix} of ") ([index] ++ positions)}${name} for ${attrs.name or attrs.pname}"); in if builtins.length erroneousHardeningFlags != 0
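Review bot: The added `builtins.typeOf dep == "string"` test accepts every string, so the check can no longer tell a stringified store path from an empty string, a typo or a hand-written host path that refers to no derivation at all. The commit message gives no reason for the relaxation, so at minimum a comment should say which existing callers need it. If compatibility allows, consider narrowing the branch to strings that carry store-path context, e.g. `builtins.typeOf dep == "string" && builtins.hasContext dep`. That would probably need a warning phase first, since this hunk does not show which packages pass plain strings. The enclosing `let` begins outside the hunk.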