nixVersions.{nix_2_28,nix_2_26}: switch simplified meson build

So we are adding a simplified version that builds a monolithic nix binary to get finished
in time for the release. Afterwards we will switch to the modular build again.

lib/tests/nix-for-tests.nix

@@ -14,7 +14,7 @@
 
 builtins.mapAttrs (
   attr: pkg:
-  if lib.versionAtLeast pkg.version "2.26" then
+  if lib.versionAtLeast pkg.version "2.29pre" then
     pkg.overrideScope (finalScope: prevScope: { aws-sdk-cpp = null; })
   else
     pkg.override { withAWS = false; }

pkgs/tools/package-management/nix/common-meson.nix

@@ -0,0 +1,287 @@
+{
+  lib,
+  fetchFromGitHub,
+  version,
+  suffix ? "",
+  hash ? null,
+  src ? fetchFromGitHub {
+    owner = "NixOS";
+    repo = "nix";
+    rev = version;
+    inherit hash;
+  },
+  patches ? [ ],
+  maintainers ? lib.teams.nix.members ++ [
+    lib.maintainers.lovesegfault
+    lib.maintainers.artturin
+  ],
+  self_attribute_name,
+}@args:
+assert (hash == null) -> (src != null);
+{
+  stdenv,
+  bison,
+  boehmgc,
+  boost,
+  brotli,
+  busybox-sandbox-shell,
+  bzip2,
+  callPackage,
+  cmake,
+  curl,
+  darwin,
+  doxygen,
+  editline,
+  flex,
+  git,
+  gtest,
+  jq,
+  lib,
+  libarchive,
+  libblake3,
+  libcpuid,
+  libgit2,
+  libsodium,
+  lowdown,
+  lowdown-unsandboxed,
+  toml11,
+  man,
+  meson,
+  ninja,
+  mdbook,
+  mdbook-linkcheck,
+  nlohmann_json,
+  nixosTests,
+  openssl,
+  perl,
+  python3,
+  pkg-config,
+  rapidcheck,
+  rsync,
+  Security,
+  sqlite,
+  util-linuxMinimal,
+  xz,
+  enableDocumentation ? stdenv.buildPlatform.canExecute stdenv.hostPlatform,
+  enableStatic ? stdenv.hostPlatform.isStatic,
+  withAWS ? !enableStatic && (stdenv.hostPlatform.isLinux || stdenv.hostPlatform.isDarwin),
+  aws-sdk-cpp,
+  withLibseccomp ? lib.meta.availableOn stdenv.hostPlatform libseccomp,
+  libseccomp,
+
+  confDir,
+  stateDir,
+  storeDir,
+
+  # passthru tests
+  pkgsi686Linux,
+  pkgsStatic,
+  runCommand,
+  pkgs,
+}:
+
+stdenv.mkDerivation (finalAttrs: {
+  pname = "nix";
+
+  version = "${version}${suffix}";
+  VERSION_SUFFIX = suffix;
+
+  inherit src patches;
+
+  outputs =
+    [
+      "out"
+      "dev"
+    ]
+    ++ lib.optionals enableDocumentation [
+      "man"
+      "doc"
+    ];
+
+  hardeningEnable = lib.optionals (!stdenv.hostPlatform.isDarwin) [ "pie" ];
+
+  hardeningDisable = [
+    "shadowstack"
+  ] ++ lib.optional stdenv.hostPlatform.isMusl "fortify";
+
+  nativeCheckInputs = [
+    git
+    man
+  ];
+
+  nativeBuildInputs =
+    [
+      bison
+      cmake
+      flex
+      jq
+      meson
+      ninja
+      pkg-config
+      rsync
+    ]
+    ++ lib.optionals enableDocumentation [
+      (lib.getBin lowdown-unsandboxed)
+      mdbook
+      mdbook-linkcheck
+    ]
+    ++ lib.optionals stdenv.hostPlatform.isLinux [
+      util-linuxMinimal
+    ]
+    ++ lib.optionals enableDocumentation [
+      python3
+      doxygen
+    ];
+
+  buildInputs =
+    [
+      boost
+      brotli
+      bzip2
+      curl
+      editline
+      libgit2
+      libsodium
+      lowdown
+      openssl
+      sqlite
+      toml11
+      xz
+    ]
+    ++ lib.optionals (lib.versionAtLeast version "2.26") [
+      libblake3
+    ]
+    ++ lib.optionals stdenv.hostPlatform.isDarwin [
+      Security
+    ]
+    ++ lib.optionals stdenv.hostPlatform.isx86_64 [
+      libcpuid
+    ]
+    ++ lib.optionals withLibseccomp [
+      libseccomp
+    ]
+    ++ lib.optionals withAWS [
+      aws-sdk-cpp
+    ]
+    ++ lib.optionals (stdenv.hostPlatform.isDarwin) [
+      darwin.apple_sdk.libs.sandbox
+    ];
+
+  propagatedBuildInputs = [
+    boehmgc
+    nlohmann_json
+    libarchive
+  ];
+
+  checkInputs = [
+    gtest
+    rapidcheck
+  ];
+
+  postPatch = ''
+    patchShebangs --build tests
+  '';
+
+  preConfigure =
+    # Copy libboost_context so we don't get all of Boost in our closure.
+    # https://github.com/NixOS/nixpkgs/issues/45462
+    lib.optionalString (!enableStatic) ''
+      mkdir -p $out/lib
+      cp -pd ${boost}/lib/{libboost_context*,libboost_thread*,libboost_system*} $out/lib
+      rm -f $out/lib/*.a
+      ${lib.optionalString stdenv.hostPlatform.isLinux ''
+        chmod u+w $out/lib/*.so.*
+        patchelf --set-rpath $out/lib:${lib.getLib stdenv.cc.cc}/lib $out/lib/libboost_thread.so.*
+      ''}
+    '';
+
+  dontUseCmakeConfigure = true;
+
+  mesonFlags =
+    [
+      (lib.mesonBool "bindings" false)
+      (lib.mesonOption "libstore:store-dir" storeDir)
+      (lib.mesonOption "libstore:localstatedir" stateDir)
+      (lib.mesonOption "libstore:sysconfdir" confDir)
+      (lib.mesonEnable "libutil:cpuid" stdenv.hostPlatform.isx86_64)
+      (lib.mesonEnable "libstore:seccomp-sandboxing" withLibseccomp)
+      (lib.mesonBool "libstore:embedded-sandbox-shell" (
+        stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isStatic
+      ))
+      (lib.mesonBool "doc-gen" enableDocumentation)
+    ]
+    ++ lib.optionals stdenv.hostPlatform.isLinux [
+      (lib.mesonOption "libstore:sandbox-shell" "${busybox-sandbox-shell}/bin/busybox")
+      # RISC-V support in progress https://github.com/seccomp/libseccomp/pull/50
+    ]
+    ++ lib.optionals (stdenv.cc.isGNU && !enableStatic) [
+      # TODO: do we still need this?
+      # "--enable-lto"
+    ];
+
+  doCheck = true;
+
+  # socket path becomes too long otherwise
+  preInstallCheck =
+    lib.optionalString stdenv.hostPlatform.isDarwin ''
+      export TMPDIR=$NIX_BUILD_TOP
+    ''
+    # See https://github.com/NixOS/nix/issues/5687
+    + lib.optionalString (stdenv.hostPlatform.system == "aarch64-linux") ''
+      echo "exit 0" > tests/functional/flakes/show.sh
+    ''
+    + ''
+      # nixStatic otherwise does not find its man pages in tests.
+      export MANPATH=$man/share/man:$MANPATH
+    '';
+
+  separateDebugInfo = stdenv.hostPlatform.isLinux && enableStatic;
+
+  passthru = {
+    inherit aws-sdk-cpp boehmgc;
+
+    # TODO:
+    perl-bindings = perl.pkgs.toPerlModule (
+      callPackage ./nix-perl.nix {
+        nix = finalAttrs.finalPackage;
+        inherit Security;
+      }
+    );
+
+    tests = import ./tests.nix {
+      inherit
+        runCommand
+        version
+        src
+        lib
+        stdenv
+        pkgs
+        pkgsi686Linux
+        pkgsStatic
+        nixosTests
+        self_attribute_name
+        ;
+      nix = finalAttrs.finalPackage;
+    };
+  };
+
+  # point 'nix edit' and ofborg at the file that defines the attribute,
+  # not this common file.
+  pos = builtins.unsafeGetAttrPos "version" args;
+  meta = with lib; {
+    description = "Powerful package manager that makes package management reliable and reproducible";
+    longDescription = ''
+      Nix is a powerful package manager for Linux and other Unix systems that
+      makes package management reliable and reproducible. It provides atomic
+      upgrades and rollbacks, side-by-side installation of multiple versions of
+      a package, multi-user package management and easy setup of build
+      environments.
+    '';
+    homepage = "https://nixos.org/";
+    license = licenses.lgpl21Plus;
+    inherit maintainers;
+    platforms = platforms.unix;
+    outputsToInstall = [ "out" ] ++ optional enableDocumentation "man";
+    mainProgram = "nix";
+  };
+})

pkgs/tools/package-management/nix/default.nix

@@ -20,20 +20,35 @@
 let
 
   # Called for Nix < 2.26
-  common =
+  commonAutoconf =
     args:
-    nixDependencies.callPackage (import ./common.nix ({ inherit lib fetchFromGitHub; } // args)) {
+    nixDependencies.callPackage
+      (import ./common-autoconf.nix ({ inherit lib fetchFromGitHub; } // args))
+      {
+        inherit
+          Security
+          storeDir
+          stateDir
+          confDir
+          ;
+        aws-sdk-cpp =
+          if lib.versionAtLeast args.version "2.12pre" then
+            nixDependencies.aws-sdk-cpp
+          else
+            nixDependencies.aws-sdk-cpp-old;
+      };
+
+  # Called for Nix == 2.28. Transitional until we always use
+  # per-component packages.
+  commonMeson =
+    args:
+    nixDependencies.callPackage (import ./common-meson.nix ({ inherit lib fetchFromGitHub; } // args)) {
       inherit
         Security
         storeDir
         stateDir
         confDir
         ;
-      aws-sdk-cpp =
-        if lib.versionAtLeast args.version "2.12pre" then
-          nixDependencies.aws-sdk-cpp
-        else
-          nixDependencies.aws-sdk-cpp-old;
     };
 
   # https://github.com/NixOS/nix/pull/7585
@@ -140,7 +155,7 @@ lib.makeExtensible (
   (
     {
       nix_2_3 =
-        (common {
+        (commonAutoconf {
           version = "2.3.18";
           hash = "sha256-jBz2Ub65eFYG+aWgSI3AJYvLSghio77fWQiIW1svA9U=";
           patches = [
@@ -155,48 +170,30 @@ lib.makeExtensible (
             enableParallelChecking = false;
           };
 
-      nix_2_24 = common {
+      nix_2_24 = commonAutoconf {
         version = "2.24.14";
         hash = "sha256-SthMCsj6POjawLnJq9+lj/UzObX9skaeN1UGmMZiwTY=";
         self_attribute_name = "nix_2_24";
       };
 
-      nix_2_25 = common {
+      nix_2_25 = commonAutoconf {
         version = "2.25.5";
         hash = "sha256-9xrQhrqHCSqWsQveykZvG/ZMu0se66fUQw3xVSg6BpQ=";
         self_attribute_name = "nix_2_25";
       };
 
-      nixComponents_2_26 = nixDependencies.callPackage ./modular/packages.nix rec {
+      nix_2_26 = commonMeson {
         version = "2.26.3";
-        inherit (self.nix_2_24.meta) maintainers;
-        otherSplices = generateSplicesForNixComponents "nixComponents_2_26";
-        src = fetchFromGitHub {
-          owner = "NixOS";
-          repo = "nix";
-          tag = version;
-          hash = "sha256-5ZV8YqU8mfFmoAMiUEuBqNwk0T3vUR//x1D12BiYCeY=";
-        };
+        hash = "sha256-R+HAPvD+AjiyRHZP/elkvka33G499EKT8ntyF/EPPRI=";
+        self_attribute_name = "nix_2_28";
       };
 
-      # Note, this might eventually become an alias, as packages should
-      # depend on the components they need in `nixComponents_2_26`.
-      nix_2_26 = addTests "nix_2_26" self.nixComponents_2_26.nix-everything;
-
-      nixComponents_2_28 = nixDependencies.callPackage ./modular/packages.nix rec {
+      nix_2_28 = commonMeson {
         version = "2.28.1";
-        inherit (self.nix_2_24.meta) maintainers;
-        otherSplices = generateSplicesForNixComponents "nixComponents_2_28";
-        src = fetchFromGitHub {
-          owner = "NixOS";
-          repo = "nix";
-          rev = version;
-          hash = "sha256-R+HAPvD+AjiyRHZP/elkvka33G499EKT8ntyF/EPPRI=";
-        };
+        hash = "sha256-R+HAPvD+AjiyRHZP/elkvka33G499EKT8ntyF/EPPRI=";
+        self_attribute_name = "nix_2_28";
       };
 
-      nix_2_28 = addTests "nix_2_28" self.nixComponents_2_28.nix-everything;
-
       nixComponents_git = nixDependencies.callPackage ./modular/packages.nix rec {
         version = "2.29pre20250407_${lib.substring 0 8 src.rev}";
         inherit (self.nix_2_24.meta) maintainers;

pkgs/tools/package-management/nix/nix-perl.nix

@@ -14,11 +14,13 @@
   meson,
   ninja,
   bzip2,
+  libarchive,
 }:
 
 let
   atLeast223 = lib.versionAtLeast nix.version "2.23";
   atLeast224 = lib.versionAtLeast nix.version "2.24";
+  atLeast226 = lib.versionAtLeast nix.version "2.26";
 
   mkConfigureOption =
     {
@@ -39,21 +41,24 @@ stdenv.mkDerivation (finalAttrs: {
   postUnpack = "sourceRoot=$sourceRoot/${lib.optionalString atLeast224 "src"}/perl";
 
   # TODO: Remove this once the nix build also uses meson
-  postPatch = lib.optionalString atLeast224 ''
+  postPatch = lib.optionalString (atLeast224 && lib.versionOlder nix.version "2.27") ''
     substituteInPlace lib/Nix/Store.xs \
       --replace-fail 'config-util.hh' 'nix/config.h' \
       --replace-fail 'config-store.hh' 'nix/config.h'
   '';
 
-  buildInputs = [
-    boost
-    bzip2
-    curl
-    libsodium
-    nix
-    perl
-    xz
-  ] ++ lib.optional (stdenv.hostPlatform.isDarwin) Security;
+  buildInputs =
+    [
+      boost
+      bzip2
+      curl
+      libsodium
+      nix
+      perl
+      xz
+    ]
+    ++ lib.optional (stdenv.hostPlatform.isDarwin) Security
+    ++ lib.optional atLeast226 libarchive;
 
   # Not cross-safe since Nix checks for curl/perl via
   # NEED_PROG/find_program, but both seem to be needed at runtime