Read missing attributes for static Darwin

[RossComputerGuy]

Motivation

Context

Summary by CodeRabbit

• Refactor
  • Reorganized internal package matrix generation for clearer attribute composition; no user-facing behavior or public interfaces changed.
• Chores
  • CI build updated to produce an additional static build artifact, improving coverage of static variants.
  • Build flags for a native library were adjusted to improve compatibility for static builds with certain toolchains.
  • Added a conditional system header include to enable a close-range syscall fallback on Linux/FreeBSD.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Refactors the per-system package attribute generation in flake.nix to emit base Linux-only outputs alongside stdenv-derived variants via a flatMapAttrs over stdenvs, stringifies boehmgc compile flags with conditional LLVM/Clang additions in packaging/dependencies.nix, updates the CI build_static step to build both nix-cli-static and nix-cli-libcxxStdenv-static, and conditionally includes <sys/syscall.h> on Linux/FreeBSD to expose SYS_close_range.

Changes

Package Attribute Matrix Refactoring

Layer / File(s)	Summary
Package Attribute Matrix Construction flake.nix	The packages.${system} generation now emits base Linux-only package attributes (${pkgName}, ${pkgName}-static) and composes stdenv-specific variants (${pkgName}-${stdenvName}, ${pkgName}-${stdenvName}-static) via a refactored flatMapAttrs (lib.genAttrs stdenvs ...) structure.

Boehm GC Compile Flags

Layer / File(s)	Summary
Compile flags stringification packaging/dependencies.nix	boehmgc.overrideAttrs now sets NIX_CFLAGS_COMPILE to builtins.toString ( [ base flags ] ++ optionalFlags ), preserving conditional additions for Clang/static/LLVM libc++ builds.

CI Static Build Targets

Layer / File(s)	Summary
Static build invocation .github/workflows/build.yml	jobs.build_static.steps now runs nix build for both .#packages.${{ inputs.system }}.nix-cli-static and .#packages.${{ inputs.system }}.nix-cli-libcxxStdenv-static instead of only nix-cli-static.

Unix Syscall Header Include

Layer / File(s)	Summary
Platform header include src/libutil/unix/file-descriptor.cc	Adds a conditional include of <sys/syscall.h> on Linux/FreeBSD to ensure SYS_close_range is available for the close-range fallback used by unix_close_range.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 I hopped through flakes at night,

I stitched the attrs so they align just right,
flags turned to strings beneath the moon,
CI calls two statics in one swoon,
header included — close ranges resume.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The PR title 'Read missing attributes for static Darwin' is partially related to the changeset. It mentions 'static Darwin' but the actual changes span flake.nix refactoring, workflow updates, dependency overrides, and Linux/FreeBSD syscall handling—not primarily focused on Darwin static builds.	Update the title to accurately reflect the main changes: refactoring package build matrix in flake.nix and updating build workflows. For example: 'Refactor build matrix generator and update static build handling' or 'Reorganize package build matrix and ci workflow for static builds'.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/missing-attributes

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🚀 Deployed on https://69fce738fd49feb620aa9b78--determinate-nix.netlify.app

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

flake.nix (1)

464-483: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

linuxOnly guard no longer protects stdenv variants — nix-nswrapper stdenv attrs will be exposed on Darwin.

By placing flatMapAttrs (lib.genAttrs stdenvs …) (line 471) outside lib.optionalAttrs (linuxOnly → …), every ${pkgName}-${stdenvName} and ${pkgName}-${stdenvName}-static entry is now unconditionally produced for every system, bypassing the linuxOnly gate.

For nix-nswrapper (linuxOnly = true) on aarch64-darwin:

• true → false evaluates to false, so lib.optionalAttrs false … correctly returns {} for the base and -static entries (lines 467–469).
• But the flatMapAttrs stdenvs block at line 471 is no longer inside that guard, so nix-nswrapper-clangStdenv, nix-nswrapper-gccStdenv, nix-nswrapper-clangStdenv-static, etc. are exposed in packages.aarch64-darwin, and will fail to build (or fail nix flake check evaluation) on Darwin.

The intended fix — adding the missing ${pkgName}-${stdenvName}-static entries — is correct; it just needs to stay inside the optionalAttrs wrapper:

🐛 Proposed fix: keep `flatMapAttrs stdenvs` inside `optionalAttrs (linuxOnly → …)`

         lib.optionalAttrs (linuxOnly -> nixpkgsFor.${system}.native.stdenv.hostPlatform.isLinux) (
           {
             # These attributes go right into `packages.<system>`.
             "${pkgName}" = nixpkgsFor.${system}.native.nixComponents2.${pkgName};
             "${pkgName}-static" = nixpkgsFor.${system}.native.pkgsStatic.nixComponents2.${pkgName};
           }
+          // flatMapAttrs (lib.genAttrs stdenvs (_: { })) (
+            stdenvName:
+            { }:
+            {
+              # These attributes go right into `packages.<system>`.
+              "${pkgName}-${stdenvName}" =
+                nixpkgsFor.${system}.nativeForStdenv.${stdenvName}.nixComponents2.${pkgName};
+            }
+            // lib.optionalAttrs supportsCross {
+              "${pkgName}-${stdenvName}-static" =
+                nixpkgsFor.${system}.nativeForStdenv.${stdenvName}.pkgsStatic.nixComponents2.${pkgName};
+            }
+          )
         )
-        // flatMapAttrs (lib.genAttrs stdenvs (_: { })) (
-          stdenvName:
-          { }:
-          {
-            # These attributes go right into `packages.<system>`.
-            "${pkgName}-${stdenvName}" =
-              nixpkgsFor.${system}.nativeForStdenv.${stdenvName}.nixComponents2.${pkgName};
-          }
-          // lib.optionalAttrs supportsCross {
-            "${pkgName}-${stdenvName}-static" =
-              nixpkgsFor.${system}.nativeForStdenv.${stdenvName}.pkgsStatic.nixComponents2.${pkgName};
-          }
-        )

With this fix, non-linuxOnly packages still expose all stdenv and stdenv-static variants on Darwin (since false → false = true), achieving the PR's goal while keeping nix-nswrapper properly excluded.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@flake.nix` around lines 464 - 483, The stdenv variant generation
(flatMapAttrs / lib.genAttrs over stdenvs producing "${pkgName}-${stdenvName}"
and "${pkgName}-${stdenvName}-static") was taken outside the lib.optionalAttrs
(linuxOnly -> ...) guard so linuxOnly packages like nix-nswrapper are exposed on
Darwin; move the entire flatMapAttrs (lib.genAttrs stdenvs ...) block back
inside the surrounding lib.optionalAttrs (linuxOnly ->
nixpkgsFor.${system}.native.stdenv.hostPlatform.isLinux) so both the
"${pkgName}-${stdenvName}" and corresponding "-static" attributes remain
conditional on linuxOnly, keeping the original pkgName/stdenvName/static
attribute generation but protected by the linuxOnly check.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@flake.nix`:
- Around line 464-483: The stdenv variant generation (flatMapAttrs /
lib.genAttrs over stdenvs producing "${pkgName}-${stdenvName}" and
"${pkgName}-${stdenvName}-static") was taken outside the lib.optionalAttrs
(linuxOnly -> ...) guard so linuxOnly packages like nix-nswrapper are exposed on
Darwin; move the entire flatMapAttrs (lib.genAttrs stdenvs ...) block back
inside the surrounding lib.optionalAttrs (linuxOnly ->
nixpkgsFor.${system}.native.stdenv.hostPlatform.isLinux) so both the
"${pkgName}-${stdenvName}" and corresponding "-static" attributes remain
conditional on linuxOnly, keeping the original pkgName/stdenvName/static
attribute generation but protected by the linuxOnly check.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8b3d6e75-0499-4987-a825-c59e04f80db6

📥 Commits

Reviewing files that changed from the base of the PR and between 8fb8ad7 and 74ef463.

📒 Files selected for processing (1)

• flake.nix

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@flake.nix`:
- Around line 464-481: The linux-only guard currently wraps only the base
package attributes because lib.optionalAttrs (linuxOnly ->
nixpkgsFor.${system}.native.stdenv.hostPlatform.isLinux) closes its set early,
so the subsequent flatMapAttrs stdenvs block (producing
"${pkgName}-${stdenvName}" and "${pkgName}-${stdenvName}-static") is merged
unconditionally; update the lib.optionalAttrs invocation so its predicate covers
the entire per-package block (including the flatMapAttrs loop) — e.g., change
the guarded set literal to a guarded expression that encloses both the base
"${pkgName}" / "${pkgName}-static" entries and the flatMapAttrs stdenvs block so
nix-nswrapper and its stdenv variants are only emitted on Linux.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: dff5e1be-af20-47c4-a140-94e208a83308

📥 Commits

Reviewing files that changed from the base of the PR and between 74ef463 and c7d2347.

📒 Files selected for processing (1)

• flake.nix

[coderabbitai]

♻️ Duplicate comments (1)

flake.nix (1)

464-481: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

linuxOnly still doesn’t guard stdenv-derived attributes

On Line 464, the guard closes at Line 468, but the flatMapAttrs merge on Line 469 is unconditional. That still exposes ${pkgName}-${stdenvName} (and -static) for linuxOnly packages on Darwin.

Proposed minimal fix

-              lib.optionalAttrs (linuxOnly -> nixpkgsFor.${system}.native.stdenv.hostPlatform.isLinux) {
-                # These attributes go right into `packages.<system>`.
-                "${pkgName}" = nixpkgsFor.${system}.native.nixComponents2.${pkgName};
-                "${pkgName}-static" = nixpkgsFor.${system}.native.pkgsStatic.nixComponents2.${pkgName};
-              }
-              // flatMapAttrs (lib.genAttrs stdenvs (_: { })) (
-                stdenvName:
-                { }:
-                {
-                  # These attributes go right into `packages.<system>`.
-                  "${pkgName}-${stdenvName}" =
-                    nixpkgsFor.${system}.nativeForStdenv.${stdenvName}.nixComponents2.${pkgName};
-                }
-                // lib.optionalAttrs supportsCross {
-                  "${pkgName}-${stdenvName}-static" =
-                    nixpkgsFor.${system}.nativeForStdenv.${stdenvName}.pkgsStatic.nixComponents2.${pkgName};
-                }
-              )
+              lib.optionalAttrs (linuxOnly -> nixpkgsFor.${system}.native.stdenv.hostPlatform.isLinux) (
+                {
+                  # These attributes go right into `packages.<system>`.
+                  "${pkgName}" = nixpkgsFor.${system}.native.nixComponents2.${pkgName};
+                  "${pkgName}-static" = nixpkgsFor.${system}.native.pkgsStatic.nixComponents2.${pkgName};
+                }
+                // flatMapAttrs (lib.genAttrs stdenvs (_: { })) (
+                  stdenvName:
+                  { }:
+                  {
+                    # These attributes go right into `packages.<system>`.
+                    "${pkgName}-${stdenvName}" =
+                      nixpkgsFor.${system}.nativeForStdenv.${stdenvName}.nixComponents2.${pkgName};
+                  }
+                  // lib.optionalAttrs supportsCross {
+                    "${pkgName}-${stdenvName}-static" =
+                      nixpkgsFor.${system}.nativeForStdenv.${stdenvName}.pkgsStatic.nixComponents2.${pkgName};
+                  }
+                )
+              )

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@flake.nix` around lines 464 - 481, The stdenv-derived attributes produced by
flatMapAttrs (the "${pkgName}-${stdenvName}" and
"${pkgName}-${stdenvName}-static" entries generated via
nixpkgsFor.${system}.nativeForStdenv and .pkgsStatic.nixComponents2) are not
guarded by the linuxOnly check; move or wrap the flatMapAttrs block inside the
same lib.optionalAttrs (linuxOnly -> ...) guard (or add an equivalent guard
around the flatMapAttrs result) so those stdenv-derived attributes are only
added when linuxOnly is true.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@flake.nix`:
- Around line 464-481: The stdenv-derived attributes produced by flatMapAttrs
(the "${pkgName}-${stdenvName}" and "${pkgName}-${stdenvName}-static" entries
generated via nixpkgsFor.${system}.nativeForStdenv and
.pkgsStatic.nixComponents2) are not guarded by the linuxOnly check; move or wrap
the flatMapAttrs block inside the same lib.optionalAttrs (linuxOnly -> ...)
guard (or add an equivalent guard around the flatMapAttrs result) so those
stdenv-derived attributes are only added when linuxOnly is true.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 447f7709-44bd-403f-a95f-c607a987e03f

📥 Commits

Reviewing files that changed from the base of the PR and between c7d2347 and fbf5a6b.

📒 Files selected for processing (2)

• .github/workflows/build.yml
• flake.nix

[edolstra]

Why do we need 2 static builds? What's the difference?

[RossComputerGuy]

Darwin uses libc++, typically Linux uses libstdc++. FlakeBOM needs libc++ on Darwin.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/build.yml:
- Line 84: The workflow is failing because the build command always tries to
build .#packages.${{ inputs.system }}.nix-cli-libcxxStdenv-static (a Darwin-only
stdenv); change the step so it only requests the libcxxStdenv variant when the
target system actually exposes it (e.g., aarch64-darwin). Concretely, update the
run line that builds .#packages.${{ inputs.system }}.nix-cli-static
.#packages.${{ inputs.system }}.nix-cli-libcxxStdenv-static to either (a) build
only .#packages.${{ inputs.system }}.nix-cli-static for Linux systems, or (b)
dynamically assemble the attribute list using the same logic as the flake’s
fixup function (skip missing attributes) so the .nix-cli-libcxxStdenv-static
attribute is omitted on non-Darwin systems.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: c8e2c292-cbfc-4b48-a343-bf0eb1d39938

📥 Commits

Reviewing files that changed from the base of the PR and between fbf5a6b and 37493f9.

📒 Files selected for processing (3)

• .github/workflows/build.yml
• flake.nix
• packaging/dependencies.nix

✅ Files skipped from review due to trivial changes (1)

• flake.nix

[coderabbitai]

♻️ Duplicate comments (1)

flake.nix (1)

464-481: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Guard scope is still too narrow for linuxOnly packages.

Line 464 only guards the base attributes; Lines 469–481 still generate stdenv variants unconditionally, so linuxOnly packages can still appear on Darwin via ${pkgName}-${stdenvName} (and -static).

Suggested minimal fix

-              lib.optionalAttrs (linuxOnly -> nixpkgsFor.${system}.native.stdenv.hostPlatform.isLinux) {
-                # These attributes go right into `packages.<system>`.
-                "${pkgName}" = nixpkgsFor.${system}.native.nixComponents2.${pkgName};
-                "${pkgName}-static" = nixpkgsFor.${system}.native.pkgsStatic.nixComponents2.${pkgName};
-              }
-              // flatMapAttrs (lib.genAttrs stdenvs (_: { })) (
-                stdenvName:
-                { }:
-                {
-                  # These attributes go right into `packages.<system>`.
-                  "${pkgName}-${stdenvName}" =
-                    nixpkgsFor.${system}.nativeForStdenv.${stdenvName}.nixComponents2.${pkgName};
-                }
-                // lib.optionalAttrs supportsCross {
-                  "${pkgName}-${stdenvName}-static" =
-                    nixpkgsFor.${system}.nativeForStdenv.${stdenvName}.pkgsStatic.nixComponents2.${pkgName};
-                }
-              )
+              lib.optionalAttrs (linuxOnly -> nixpkgsFor.${system}.native.stdenv.hostPlatform.isLinux) (
+                {
+                  # These attributes go right into `packages.<system>`.
+                  "${pkgName}" = nixpkgsFor.${system}.native.nixComponents2.${pkgName};
+                  "${pkgName}-static" = nixpkgsFor.${system}.native.pkgsStatic.nixComponents2.${pkgName};
+                }
+                // flatMapAttrs (lib.genAttrs stdenvs (_: { })) (
+                  stdenvName:
+                  { }:
+                  {
+                    # These attributes go right into `packages.<system>`.
+                    "${pkgName}-${stdenvName}" =
+                      nixpkgsFor.${system}.nativeForStdenv.${stdenvName}.nixComponents2.${pkgName};
+                  }
+                  // lib.optionalAttrs supportsCross {
+                    "${pkgName}-${stdenvName}-static" =
+                      nixpkgsFor.${system}.nativeForStdenv.${stdenvName}.pkgsStatic.nixComponents2.${pkgName};
+                  }
+                )
+              )

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@flake.nix` around lines 464 - 481, The linuxOnly guard currently only wraps
the base attributes and not the stdenv variants, so stdenv-derived keys like
"${pkgName}-${stdenvName}" and their "-static" counterparts are still emitted on
non-Linux systems; fix this by moving or duplicating the lib.optionalAttrs
(linuxOnly -> ...) guard to also cover the flatMapAttrs/ stdenv mapping block
that produces "${pkgName}-${stdenvName}" and "${pkgName}-${stdenvName}-static"
(i.e. wrap the flatMapAttrs (stdenvName: { }: { ... }) block or place an
equivalent conditional inside it so
nixpkgsFor.${system}.nativeForStdenv.${stdenvName} and .pkgsStatic variants are
only created when linuxOnly is true).

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@flake.nix`:
- Around line 464-481: The linuxOnly guard currently only wraps the base
attributes and not the stdenv variants, so stdenv-derived keys like
"${pkgName}-${stdenvName}" and their "-static" counterparts are still emitted on
non-Linux systems; fix this by moving or duplicating the lib.optionalAttrs
(linuxOnly -> ...) guard to also cover the flatMapAttrs/ stdenv mapping block
that produces "${pkgName}-${stdenvName}" and "${pkgName}-${stdenvName}-static"
(i.e. wrap the flatMapAttrs (stdenvName: { }: { ... }) block or place an
equivalent conditional inside it so
nixpkgsFor.${system}.nativeForStdenv.${stdenvName} and .pkgsStatic variants are
only created when linuxOnly is true).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5ca26225-47dd-4326-8ed5-4516dfe93747

📥 Commits

Reviewing files that changed from the base of the PR and between 37493f9 and 7a1f470.

📒 Files selected for processing (4)

• .github/workflows/build.yml
• flake.nix
• packaging/dependencies.nix
• src/libutil/unix/file-descriptor.cc

✅ Files skipped from review due to trivial changes (1)

• src/libutil/unix/file-descriptor.cc

🚧 Files skipped from review as they are similar to previous changes (2)

• packaging/dependencies.nix
• .github/workflows/build.yml