Sync with upstream 2.32.3

[edolstra]

Motivation

Also updates the nixpkgs lock.

Context

Summary by CodeRabbit

• New Features

  • SSH IPv6 address support now handles zone identifiers properly.

• Bug Fixes

  • Build verification mode (--check) now consistently runs post-build hooks.
  • Improved error handling for invalid flake references.

• Chores

  • Version bumped to 2.32.3.
  • Updated minimum Boost dependency to 1.87.0.

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• flake.lock is excluded by !**/*.lock

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

This patch updates Nix to version 2.32.3, improving IPv6 store reference parsing with zone ID support, refining post-build hook invocation in check mode, adjusting build output handling, and bumping the Boost dependency requirement to 1.87.0.

Changes

Cohort / File(s)	Summary
Version Bump \.version	Updated version from 2.32.2 to 2.32.3
Build System nix-meson-build-support/common/meson.build, src/libutil/meson.build	Modified version sanitization to handle plus signs by truncating at '+' before 'pre'; bumped Boost minimum requirement from 1.82.0 to 1.87.0
Documentation & Formatting doc/manual/generate-store-types.nix, misc/zsh/completion.zsh	Reflowed readFile expression with parentheses; relocated shellcheck disable directive after compdef line
Attribute Set Layer Optimization src/libexpr/include/nix/expr/attr-set.hh	Added Boost iterator header; implemented sophisticated duplicate-aware size calculation for layered Bindings using conditional set\_intersection or per-attribute lookup strategy
Flake Reference Parsing src/libflake/flakeref.cc, src/libflake-tests/flakeref.cc, src/libfetchers/git.cc	Replaced assertion with runtime Error for invalid flake regex matches; added test cases for git URLs with refs; optimized GitInputScheme guard to short-circuit on non-git schemes
IPv6 Store Reference & Zone ID Handling src/libstore/store-reference.cc, src/libstore-tests/store-reference.cc, src/libstore-tests/data/store-reference/ssh_unbracketed_ipv6_*.txt	Implemented back-compat for ZoneId parsing in unbracketed IPv6 authorities with percent-encoding normalization; added 6 new test data files and test fixtures covering bracketed/unbracketed IPv6 with zone IDs and edge cases
Build Output & Hook Handling src/libstore/build/derivation-building-goal.cc, src/libstore/build/derivation-goal.cc	Modified check mode to use revalidated outputs instead of builtOutputs to ensure post-build hook invocation; added fallback to record missing expected outputs in builtOutputs
Functional Tests tests/functional/build-hook-list-paths.sh, tests/functional/post-hook.sh	Added new hook script for collecting output paths; introduced conditional regression test for daemon 2.33.0pre20251029 validating post-build hook execution in check mode

Sequence Diagram(s)

sequenceDiagram
    actor User
    participant Build as DerivationBuildingGoal
    participant Check as checkPathValidity()
    participant Hook as Post-Build Hook

    User->>Build: tryToBuild() in bmCheck mode
    alt Old: bmCheck uses builtOutputs
        Build->>Hook: outputs from DerivationBuilder
        Note over Hook: Hook may be skipped if<br/>no new registrations
    else New: bmCheck uses revalidated outputs
        Build->>Check: checkPathValidity(initialOutputs)
        Check-->>Build: (knownOutputs, unknownOutputs)
        Build->>Build: Use unknownOutputs as source
        Build->>Hook: Known + validated outputs
        Note over Hook: Hook always invoked<br/>with revalidated set
    end
    Hook-->>User: Hook results in HOOK_DEST

Loading

sequenceDiagram
    participant Parser as StoreReference Parser
    participant IPv6 as IPv6 Detection
    participant Zone as Zone ID Handler

    Parser->>Parser: Receive unbracketed IPv6 authority
    Parser->>Parser: Strip brackets if present
    Parser->>Parser: Split at '%' delimiter
    alt Zone ID present
        Parser->>Zone: Extract zone indicator
        Parser->>IPv6: Parse IPv6 from pre-% substring
        IPv6-->>Zone: Parsed address
        Zone->>Zone: Percent-encode '%' as %25
        Zone-->>Parser: Rebuild: [IPv6%25zoneId]
    else No Zone ID
        Parser->>IPv6: Parse full authority as IPv6
        IPv6-->>Parser: Parsed address
    end
    Parser-->>Parser: Return normalized store reference

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Attribute set layer optimization (src/libexpr/include/nix/expr/attr-set.hh): Dense logic with conditional strategy selection (set\_intersection vs. per-attribute lookup) requires careful validation of correctness for duplicate counting.
• IPv6 zone ID parsing (src/libstore/store-reference.cc): Back-compat handling with percent-encoding normalization logic demands careful tracing through bracketing, splitting, and reconstruction steps.
• Build output handling changes (src/libstore/build/derivation-*.cc): Control flow modifications in check mode require understanding of original intent and post-build hook semantics to verify correctness.
• Multiple test data files and fixtures (src/libstore-tests/data/store-reference/ssh_unbracketed_ipv6_*.txt, src/libstore-tests/store-reference.cc): Ensure test coverage comprehensively validates zone ID and percent-encoding edge cases.

Possibly related PRs

• Parallel eval performance improvements #194: Refactors mutable Store/LocalStore state into separately allocated/synchronized objects and updates concurrent map handling, potentially overlapping with concurrent access patterns in new IPv6 parsing logic.
• Sync with upstream 2.32.2 #242: Modifies the same .version file with version bumping, directly related to this PR's version update.

Suggested reviewers

• cole-h

Poem

🐰 A version hops forward, from two-thirty-two,
IPv6 zones untangled, now parsing through,
Hooks dance in check mode, so graceful and bright,
Boost bounds grow tighter, all layers feel right!
Hippity-hoppity, tests all abound! 🎉

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 22.22% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Sync with upstream 2.32.3' accurately reflects the main change—a version bump from 2.32.2 to 2.32.3 across multiple files, with supporting infrastructure updates.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🚀 Deployed on https://690e6375a2f26a72d354677d--determinate-nix.netlify.app