Hello, I’d like to know if there are any plans around how to deal with the merging/deploying of the upcoming OpenSSL 3.0.7 release. As it will fix a critical vulnerability, and that class is ‘likely to be exploitable’, I’m hoping maybe some special considerations have been made.
I imagine other people are also trying to make plans around dealing with this, so any information from the NixOS side would be helpful.
It’s passed through chat: https://matrix.to/#/#security:nixos.org
As usual in those cases, there will be effort to make it faster than normal updates, but it will surely take a few days to get all the *-linux binaries and even longer for *-darwin.
Thank you. I notice that NixOS isn’t on the list of distributions that receive advanced notice/patches. Are there any plans for NixOS to get access to embargoed vulnerabilities to pre-build fixes.
The nixos infrastructure doesn’t really lend itself to doing stuff “behind the scenes”.
Also from a technical nix perspective, an openssl package with a patch applied is a different derivation than an openssl package that has a different source. So we can’t really use a patched version as a substitute for a new release (maybe ca derivations can help here, but only if the patched version creates an exactly similar output to the new release).
In these kinds of circumstances, isn’t there a way to get the openssl update to users faster (without waiting for a rebuild of all depending packages?)
Just thinking out loud, something like setting systemwide LD_LIBRARY_PATH to the new openssl package?
See system.replaceRuntimeDependencies in man configuration.nix
Today I gave this a go on my laptop. I’m using a flake-based NixOS configuration.
First I looked which processes are using openssl:
$ sudo lsof $(nix build --inputs-from . nixpkgs#openssl.out --print-out-paths)/lib/libssl.so
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nix-daemo 1258 root mem REG 254,1 808120 7345799 /nix/store/9cj4b9c912dmisk35npiakjk7mjqr3wn-openssl-3.0.5/lib/libssl.so.3
NetworkMa 1439 root mem REG 254,1 808120 7345799 /nix/store/9cj4b9c912dmisk35npiakjk7mjqr3wn-openssl-3.0.5/lib/libssl.so.3
redis-ser 1584 redis mem REG 254,1 808120 7345799 /nix/store/9cj4b9c912dmisk35npiakjk7mjqr3wn-openssl-3.0.5/lib/libssl.so.3
wpa_suppl 1636 root mem REG 254,1 808120 7345799 /nix/store/9cj4b9c912dmisk35npiakjk7mjqr3wn-openssl-3.0.5/lib/libssl.so.3
.flamesho 2082 bob.vanderlinden mem REG 254,1 808120 7345799 /nix/store/9cj4b9c912dmisk35npiakjk7mjqr3wn-openssl-3.0.5/lib/libssl.so.3
It seems that at least these processes are using libssl of openssl 3.0.5 (the version of openssl in nixpkgs defined in the flake lock file).
Next I added the following to my NixOS configuration:
system.replaceRuntimeDependencies = [{
original = pkgs.openssl;
replacement = pkgs.openssl.overrideAttrs (oldAttrs: {
version = "3.0.X";
});
}];
This doesn’t really patch openssl, but just changes the nix-store path from openssl-3.0.5 to openssl-3.0.X, just so I can see that processes are indeed using 3.0.X and not 3.0.5 anymore.
I attempt to apply the configuration for the next boot:
$ nixos-rebuild --use-remote-sudo --flake . boot
error: 'builtins.storePath' is not allowed in pure evaluation mode
at /nix/store/9m8drnpifyl5qsx93g6ll2xw6wkps03z-source/pkgs/build-support/replace-dependency.nix:49:18:
48|
49| oldStorepath = builtins.storePath (discard (toString oldDependency));
| ^
50|
(use '--show-trace' to show detailed location information)
Ah, so apparently using flakes implies a pure evaluation and system.replaceRuntimeDependencies is impure. I’ll apply the configuration using --impure (which succeeds) and reboot the system:
$ nixos-rebuild --use-remote-sudo --flake . boot --impure
$ reboot
After rebooting there are still processes using the original openssl version:
$ sudo lsof $(nix build --inputs-from . nixpkgs#openssl.out --print-out-paths)/lib/libssl.so
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nix-daemo 1314 root mem REG 254,1 808120 7345799 /nix/store/9cj4b9c912dmisk35npiakjk7mjqr3wn-openssl-3.0.5/lib/libssl.so.3
NetworkMa 1436 root mem REG 254,1 808120 7345799 /nix/store/9cj4b9c912dmisk35npiakjk7mjqr3wn-openssl-3.0.5/lib/libssl.so.3
redis-ser 1581 redis mem REG 254,1 808120 7345799 /nix/store/9cj4b9c912dmisk35npiakjk7mjqr3wn-openssl-3.0.5/lib/libssl.so.3
wpa_suppl 1653 root mem REG 254,1 808120 7345799 /nix/store/9cj4b9c912dmisk35npiakjk7mjqr3wn-openssl-3.0.5/lib/libssl.so.3
.flamesho 2007 bob.vanderlinden mem REG 254,1 808120 7345799 /nix/store/9cj4b9c912dmisk35npiakjk7mjqr3wn-openssl-3.0.5/lib/libssl.so.3
Next, I tried setting LD_LIBRARY_PATH. I have tried environment.variables.LD_LIBRARY_PATH, but that doesn’t apply to systemd services. So, next I tried systemd.globalEnvironment.LD_LIBARY_PATH as follows:
systemd.globalEnvironment.LD_LIBRARY_PATH =
let
openssl-patched = pkgs.openssl.overrideAttrs
(oldAttrs: {
version = "3.0.X";
});
in
"${openssl-patched.out}/lib";
After rebooting most processes are indeed using 3.0.X and not 3.0.5 anymore. Only wpa_supplicant showed up as using openssl-3.0.5:
$ sudo lsof $(nix build --inputs-from . nixpkgs#openssl.out --print-out-paths)/lib/libssl.so
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
wpa_suppl 1650 root mem REG 254,1 808120 7345799 /nix/store/9cj4b9c912dmisk35npiakjk7mjqr3wn-openssl-3.0.5/lib/libssl.so.3
Maybe wpa_supplicant overwrites LD_LIBRARY_PATH, or has openssl hardcoded some other way. Not sure. I haven’t dug into this further, as I’m more interested in making system.replaceRuntimeDependencies work.
I’m interested why system.replaceRuntimeDependencies doesn’t work for me. Flakes? Impure? Something else?
Also, is using lsof valid for checking whether processes are still using openssl 3.0.5?
EDIT: Also interesting is using why-depends to determine which parts of the system are depending on the unpatched openssl version:
$ nix why-depends --all --inputs-from . .#nixosConfigurations.$HOST.config.system.build.toplevel nixpkgs#openssl.out
/nix/store/hjsna4y11n30l8pc6ql2jqfcqd8k9g23-nixos-system-NVC3919-22.11.20221025.f994293
├───/nix/store/77c9qlw0mmzbhl5f72sxqrxzrkyynds0-systemd-251.5
│ ├───/nix/store/9cj4b9c912dmisk35npiakjk7mjqr3wn-openssl-3.0.5
│ ├───/nix/store/1mdiz3knga8234bigm4hgz35rgxkypa4-curl-7.85.0
│ │ ├───/nix/store/9cj4b9c912dmisk35npiakjk7mjqr3wn-openssl-3.0.5
│ │ └───/nix/store/59a9bq5kjfjm2i8hhdnalc8g7cv9cxq2-libssh2-1.10.0
│ │ └───/nix/store/9cj4b9c912dmisk35npiakjk7mjqr3wn-openssl-3.0.5
│ ├───/nix/store/ab74lf55czfd6pl8af83dgnrw714pdv8-libfido2-1.12.0
...
Not sure whether this output should change when using system.replaceRuntimeDependencies?
Couldn’t we create a fixed output derivation for the patched source rather than adding the patch to the actual build derivation? If we apply patches the same as they’re applied in a released source, they’d have the same hash and nothing would have to be rebuilt.
replaceRuntimeDependencies works by bind mounting over the original store path, so you won’t see a different path.
Check the contents of the 3.0.5 build in your store and it should now actually contain the 3.0.X version (you may need to actually edit it in some way to demonstrate this). You should also be able to see the bind mount in your mount -a list.
I got this wrong, don’t listen to this.
Does it? I don’t see any bind mounting happening in the code:
The FODs would need to be equivalent. So you would need to apply all the changes from the last release up to the next. At that point, may as well ask the upstream to just cut the tag and update to that new version.
and if it was bind mounts, where would the constraint about needing to have the same name/path length come from.
That said, a solution that did use bind mounts to change a package is both interesting and scary
Huh, my bad. I don’t know what’s up then.
Time to go implement that bind mount solution!
binaries: you don’t want to screw up offsets in them because that will very likely break them. thus the path has to be the same length.
Yes, if doing actual replacement that’s clear - I mean I can’t see the need for that constraint in the scenario where bind mounts are being used, since in that case the path seen by the binary is not just the same length but the same path.
So it argues against that being the implementation.
It is a good idea indeed!
The replacement method is impure and from what I’m reading in source, quite nasty. However, it is possible to replace one single package with another. The constraint of the Nix store path needing to be the same length is unfortunate and surprising when upgrading from .9 to .10.
Because of the impurity it’s quite hard to understand how it behaves. Overwriting existing store paths probably has permanent effects, removing a replacement after having it applied will probably not revert the replacement?
The LD_LIBRARY_PATH is bad as well, as it will override all openssl dependencies. It isn’t possible to replace specific instances of the library with a patched version.
The bindmounts seems like a better alternative to both solutions. 
replaceDependency uses builtins.toString to get the store path, so pkgs.openssl is coerced into the store path of the default output (bin).
Additionally, other outputs (e.g. bin) may also depend on the out outputs so you might want to replace that as well.
The following seems to almost work:
# Based on https://discourse.nixos.org/t/openssl-3-0-7-update-2022-11-01-faq/22875/8
system.replaceRuntimeDependencies =
let
nixpkgsfixed = builtins.fetchTarball "https://github.com/NixOS/nixpkgs/archive/eeca5969b3f42ac943639aaec503816f053e5e53.tar.gz";
inherit (pkgs.callPackage (nixpkgsfixed + "/pkgs/development/libraries/openssl") {}) openssl_3;
in
builtins.map
(output: {
original = pkgs.openssl_3.${output};
replacement =openssl_3.${output};
})
# Needs to be toposorted so that the original package is not reintroduced into the closure.
[ "out" "doc" "debug" "man" "bin" "dev"];
Weirdly, it does not seem to affect the coreutils from the system path, even though it looks to me like any other part of the system. Not sure why but I probably would not worry about it. Just verify that there are no other stragglers on your system:
$ nix build .#nixosConfigurations.azazel.config.system.build.toplevel --impure
$ nix-store -qR result/ | grep openssl
/nix/store/5g3nmx5zvhg8v95bhknd04cvjwx35mjn-openssl-3.0.7
/nix/store/dmdyrv7n0097pkrc7rpx4x9a5ybrvyql-openssl-3.0.7-bin
/nix/store/c8y3682qycg3fx7l810wga0fbk81j5ml-openssl-3.0.7-dev
/nix/store/lvsm1vq00akl4im6kk2xdmv3j7mx05g5-openssl-1.1.1q
/nix/store/3vgabphlxamjfwvlfbg2f3ia7a679kil-openssl-3.0.5
/nix/store/dr8lybxpqhbhqmllx9br6c44jflsxxhl-php-openssl-8.0.25
/nix/store/bj8b0dh0yi01h9g74ixxf3v9j546ijl6-php-openssl-8.1.12
$ nix why-depends --precise --all result/ /nix/store/3vgabphlxamjfwvlfbg2f3ia7a679kil-openssl-3.0.5
/nix/store/b2s42x02vqizwqwl5cj2b4sc66d2sc5v-nixos-system-azazel-22.11.20221031.d40fea9
├───sw -> /nix/store/hpibav2firqp10d2bf867zyfv494s7cy-system-path
│ → /nix/store/hpibav2firqp10d2bf867zyfv494s7cy-system-path
│ └───bin/[ -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/[
│ bin/b2sum -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/b2sum
│ bin/base32 -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/base32
│ bin/base64 -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/base64
│ bin/basename -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/basename
│ bin/basenc -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/basenc
│ bin/cat -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/cat
│ bin/chcon -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/chcon
│ bin/chgrp -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/chgrp
│ bin/chmod -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/chmod
│ bin/chown -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/chown
│ bin/chroot -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/chroot
│ bin/cksum -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/cksum
│ bin/comm -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/comm
│ bin/coreutils -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/coreutils
│ bin/cp -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/cp
│ bin/csplit -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/csplit
│ bin/cut -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/cut
│ bin/date -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/date
│ bin/dd -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/dd
│ bin/df -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/df
│ bin/dir -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/dir
│ bin/dircolors -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/dircolors
│ bin/dirname -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/dirname
│ bin/du -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/du
│ bin/echo -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/echo
│ bin/env -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/env
│ bin/expand -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/expand
│ bin/expr -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/expr
│ bin/factor -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/factor
│ bin/false -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/false
│ bin/fmt -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/fmt
│ bin/fold -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/fold
│ bin/groups -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/groups
│ bin/head -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/head
│ bin/hostid -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/hostid
│ bin/id -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/id
│ bin/install -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/install
│ bin/join -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/join
│ bin/link -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/link
│ bin/ln -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/ln
│ bin/logname -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/logname
│ bin/ls -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/ls
│ bin/md5sum -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/md5sum
│ bin/mkdir -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/mkdir
│ bin/mkfifo -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/mkfifo
│ bin/mknod -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/mknod
│ bin/mktemp -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/mktemp
│ bin/mv -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/mv
│ bin/nice -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/nice
│ bin/nl -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/nl
│ bin/nohup -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/nohup
│ bin/nproc -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/nproc
│ bin/numfmt -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/numfmt
│ bin/od -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/od
│ bin/paste -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/paste
│ bin/pathchk -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/pathchk
│ bin/pinky -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/pinky
│ bin/pr -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/pr
│ bin/printenv -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/printenv
│ bin/printf -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/printf
│ bin/ptx -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/ptx
│ bin/pwd -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/pwd
│ bin/readlink -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/readlink
│ bin/realpath -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/realpath
│ bin/rm -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/rm
│ bin/rmdir -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/rmdir
│ bin/runcon -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/runcon
│ bin/seq -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/seq
│ bin/sha1sum -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/sha1sum
│ bin/sha224sum -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/sha224sum
│ bin/sha256sum -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/sha256sum
│ bin/sha384sum -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/sha384sum
│ bin/sha512sum -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/sha512sum
│ bin/shred -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/shred
│ bin/shuf -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/shuf
│ bin/sleep -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/sleep
│ bin/sort -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/sort
│ bin/split -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/split
│ bin/stat -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/stat
│ bin/stdbuf -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/stdbuf
│ bin/stty -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/stty
│ bin/sum -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/sum
│ bin/sync -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/sync
│ bin/tac -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/tac
│ bin/tail -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/tail
│ bin/tee -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/tee
│ bin/test -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/test
│ bin/timeout -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/timeout
│ bin/touch -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/touch
│ bin/tr -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/tr
│ bin/true -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/true
│ bin/truncate -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/truncate
│ bin/tsort -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/tsort
│ bin/tty -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/tty
│ bin/uname -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/uname
│ bin/unexpand -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/unexpand
│ bin/uniq -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/uniq
│ bin/unlink -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/unlink
│ bin/uptime -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/uptime
│ bin/users -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/users
│ bin/vdir -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/vdir
│ bin/wc -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/wc
│ bin/who -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/who
│ bin/whoami -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/whoami
│ bin/yes -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/bin/yes
│ share/man/man1/b2sum.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/b2sum.1.gz
│ share/man/man1/base32.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/base32.1.gz
│ share/man/man1/base64.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/base64.1.gz
│ share/man/man1/basename.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/basename.1.gz
│ share/man/man1/basenc.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/basenc.1.gz
│ share/man/man1/cat.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/cat.1.gz
│ share/man/man1/chcon.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/chcon.1.gz
│ share/man/man1/chgrp.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/chgrp.1.gz
│ share/man/man1/chmod.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/chmod.1.gz
│ share/man/man1/chown.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/chown.1.gz
│ share/man/man1/chroot.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/chroot.1.gz
│ share/man/man1/cksum.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/cksum.1.gz
│ share/man/man1/comm.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/comm.1.gz
│ share/man/man1/coreutils.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/coreutils.1.gz
│ share/man/man1/cp.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/cp.1.gz
│ share/man/man1/csplit.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/csplit.1.gz
│ share/man/man1/cut.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/cut.1.gz
│ share/man/man1/date.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/date.1.gz
│ share/man/man1/dd.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/dd.1.gz
│ share/man/man1/df.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/df.1.gz
│ share/man/man1/dir.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/dir.1.gz
│ share/man/man1/dircolors.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/dircolors.1.gz
│ share/man/man1/dirname.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/dirname.1.gz
│ share/man/man1/du.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/du.1.gz
│ share/man/man1/echo.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/echo.1.gz
│ share/man/man1/env.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/env.1.gz
│ share/man/man1/expand.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/expand.1.gz
│ share/man/man1/expr.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/expr.1.gz
│ share/man/man1/factor.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/factor.1.gz
│ share/man/man1/false.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/false.1.gz
│ share/man/man1/fmt.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/fmt.1.gz
│ share/man/man1/fold.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/fold.1.gz
│ share/man/man1/groups.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/groups.1.gz
│ share/man/man1/head.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/head.1.gz
│ share/man/man1/hostid.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/hostid.1.gz
│ share/man/man1/id.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/id.1.gz
│ share/man/man1/install.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/install.1.gz
│ share/man/man1/join.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/join.1.gz
│ share/man/man1/link.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/link.1.gz
│ share/man/man1/ln.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/ln.1.gz
│ share/man/man1/logname.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/logname.1.gz
│ share/man/man1/ls.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/ls.1.gz
│ share/man/man1/md5sum.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/md5sum.1.gz
│ share/man/man1/mkdir.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/mkdir.1.gz
│ share/man/man1/mkfifo.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/mkfifo.1.gz
│ share/man/man1/mknod.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/mknod.1.gz
│ share/man/man1/mktemp.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/mktemp.1.gz
│ share/man/man1/mv.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/mv.1.gz
│ share/man/man1/nice.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/nice.1.gz
│ share/man/man1/nl.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/nl.1.gz
│ share/man/man1/nohup.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/nohup.1.gz
│ share/man/man1/nproc.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/nproc.1.gz
│ share/man/man1/numfmt.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/numfmt.1.gz
│ share/man/man1/od.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/od.1.gz
│ share/man/man1/paste.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/paste.1.gz
│ share/man/man1/pathchk.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/pathchk.1.gz
│ share/man/man1/pinky.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/pinky.1.gz
│ share/man/man1/pr.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/pr.1.gz
│ share/man/man1/printenv.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/printenv.1.gz
│ share/man/man1/printf.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/printf.1.gz
│ share/man/man1/ptx.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/ptx.1.gz
│ share/man/man1/pwd.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/pwd.1.gz
│ share/man/man1/readlink.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/readlink.1.gz
│ share/man/man1/realpath.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/realpath.1.gz
│ share/man/man1/rm.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/rm.1.gz
│ share/man/man1/rmdir.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/rmdir.1.gz
│ share/man/man1/runcon.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/runcon.1.gz
│ share/man/man1/seq.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/seq.1.gz
│ share/man/man1/sha1sum.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/sha1sum.1.gz
│ share/man/man1/sha224sum.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/sha224sum.1.gz
│ share/man/man1/sha256sum.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/sha256sum.1.gz
│ share/man/man1/sha384sum.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/sha384sum.1.gz
│ share/man/man1/sha512sum.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/sha512sum.1.gz
│ share/man/man1/shred.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/shred.1.gz
│ share/man/man1/shuf.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/shuf.1.gz
│ share/man/man1/sleep.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/sleep.1.gz
│ share/man/man1/sort.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/sort.1.gz
│ share/man/man1/split.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/split.1.gz
│ share/man/man1/stat.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/stat.1.gz
│ share/man/man1/stdbuf.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/stdbuf.1.gz
│ share/man/man1/stty.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/stty.1.gz
│ share/man/man1/sum.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/sum.1.gz
│ share/man/man1/sync.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/sync.1.gz
│ share/man/man1/tac.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/tac.1.gz
│ share/man/man1/tail.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/tail.1.gz
│ share/man/man1/tee.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/tee.1.gz
│ share/man/man1/test.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/test.1.gz
│ share/man/man1/timeout.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/timeout.1.gz
│ share/man/man1/touch.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/touch.1.gz
│ share/man/man1/tr.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/tr.1.gz
│ share/man/man1/true.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/true.1.gz
│ share/man/man1/truncate.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/truncate.1.gz
│ share/man/man1/tsort.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/tsort.1.gz
│ share/man/man1/tty.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/tty.1.gz
│ share/man/man1/uname.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/uname.1.gz
│ share/man/man1/unexpand.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/unexpand.1.gz
│ share/man/man1/uniq.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/uniq.1.gz
│ share/man/man1/unlink.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/unlink.1.gz
│ share/man/man1/uptime.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/uptime.1.gz
│ share/man/man1/users.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/users.1.gz
│ share/man/man1/vdir.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/vdir.1.gz
│ share/man/man1/wc.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/wc.1.gz
│ share/man/man1/who.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/who.1.gz
│ share/man/man1/whoami.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/whoami.1.gz
│ share/man/man1/yes.1.gz -> /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1/share/man/man1/yes.1.gz
│ → /nix/store/czv7vylzrr6cflbbh7qq33f09s08dars-coreutils-full-9.1
│ └───bin/coreutils: …cxx-stage4-6.2.1/lib:/nix/store/3vgabphlxamjfwvlfbg2f3ia7a679kil-openssl-3.0.5/lib:/nix/store/g8…
│ → /nix/store/3vgabphlxamjfwvlfbg2f3ia7a679kil-openssl-3.0.5
└───activate: …vx3jnmg-setup-etc.pl /nix/store/lrdf8qlj5jl343yfyv6vnmzm1qqmalqz-etc/etc...if (( _localstatus > …
etc -> /nix/store/lrdf8qlj5jl343yfyv6vnmzm1qqmalqz-etc/etc
→ /nix/store/lrdf8qlj5jl343yfyv6vnmzm1qqmalqz-etc
├───etc/terminfo -> /nix/store/hpibav2firqp10d2bf867zyfv494s7cy-system-path/share/terminfo
│ → /nix/store/hpibav2firqp10d2bf867zyfv494s7cy-system-path
├───etc/dbus-1 -> /nix/store/gpvyqd84g6fnvf0x8z5jdr5a9062bvb5-dbus-1
│ → /nix/store/gpvyqd84g6fnvf0x8z5jdr5a9062bvb5-dbus-1
│ └───session.conf: …cludedir><servicedir>/nix/store/hpibav2firqp10d2bf867zyfv494s7cy-system-path/share/dbus-1/servic…
│ system.conf: …cludedir><servicedir>/nix/store/hpibav2firqp10d2bf867zyfv494s7cy-system-path/share/dbus-1/system…
│ → /nix/store/hpibav2firqp10d2bf867zyfv494s7cy-system-path
├───etc/systemd/system -> /nix/store/f94d70xasc6mvlwzmvia1dd1zhlvxijx-system-units
│ → /nix/store/f94d70xasc6mvlwzmvia1dd1zhlvxijx-system-units
│ ├───systemd-fsck@.service.d/overrides.conf -> /nix/store/m2xn9kq3jdgavvw3lk9x70alj03n6r6q-unit-systemd-fsck-.service/systemd-fsck@.service
│ │ → /nix/store/m2xn9kq3jdgavvw3lk9x70alj03n6r6q-unit-systemd-fsck-.service
│ │ └───systemd-fsck@.service: …e".Environment="PATH=/nix/store/hpibav2firqp10d2bf867zyfv494s7cy-system-path/bin:/nix/store/d5c4…
│ │ → /nix/store/hpibav2firqp10d2bf867zyfv494s7cy-system-path
│ └───dbus.service.d/overrides.conf -> /nix/store/bdr3v25nsx76cf2ialprazmkqfzpf8rn-unit-dbus.service/dbus.service
│ → /nix/store/bdr3v25nsx76cf2ialprazmkqfzpf8rn-unit-dbus.service
│ └───dbus.service: …].X-Restart-Triggers=/nix/store/gpvyqd84g6fnvf0x8z5jdr5a9062bvb5-dbus-1..[Service].Environment="…
│ → /nix/store/gpvyqd84g6fnvf0x8z5jdr5a9062bvb5-dbus-1
└───etc/systemd/user -> /nix/store/58hnbqlk77vnw7mvk0jh4mqhydaxwlpn-user-units
→ /nix/store/58hnbqlk77vnw7mvk0jh4mqhydaxwlpn-user-units
└───dbus.service.d/overrides.conf -> /nix/store/02vi61zw02z6xcxlvzac17ry9xvabrq1-unit-dbus.service/dbus.service
→ /nix/store/02vi61zw02z6xcxlvzac17ry9xvabrq1-unit-dbus.service
└───dbus.service: …].X-Restart-Triggers=/nix/store/gpvyqd84g6fnvf0x8z5jdr5a9062bvb5-dbus-1..[Service].Environment="…
→ /nix/store/gpvyqd84g6fnvf0x8z5jdr5a9062bvb5-dbus-1
Also, ideally we would modify system.replaceRuntimeDependencies or pkgs.replaceDependency to replace all inputs automatically.
Bumping for visibility; the build with 3.0.7 is up for nixos-unstable.
NB: It looks like there’s a build problem with libreoffice, which is likely to be a popular package; I just removed it for now to let the upgrade proceed.
People can switch to libreoffice-fresh in the meantime, before someone fixes the incompatibility.