From 523eb4a181060ee60240e76512996bcbe5743c4a Mon Sep 17 00:00:00 2001
From: Robert Hensing <robert@roberthensing.nl>
Date: Sun, 29 May 2022 10:23:16 +0200
Subject: [PATCH 1/2] pkgs.tests: Add regression test for #175196

---
 pkgs/test/config.nix  | 21 +++++++++++++++++++++
 pkgs/test/default.nix |  2 ++
 2 files changed, 23 insertions(+)
 create mode 100644 pkgs/test/config.nix

diff --git a/pkgs/test/config.nix b/pkgs/test/config.nix
new file mode 100644
index 000000000000..6047b013206a
--- /dev/null
+++ b/pkgs/test/config.nix
@@ -0,0 +1,21 @@
+{ lib, ... }:
+lib.recurseIntoAttrs {
+
+  # https://github.com/NixOS/nixpkgs/issues/175196
+  allowPkgsInPermittedInsecurePackages =
+    let pkgs = import ../.. {
+          config = {
+            permittedInsecurePackages =
+              tempAllow pkgs.authy "2.1.0" [ "electron-9.4.4" ];
+          };
+        };
+        # Allow with forgetting
+        tempAllow = p: v: pa:
+          lib.optionals (lib.assertMsg (p.version == v) "${p.name} is no longer at version ${v}, consider removing the tempAllow") pa;
+        # For this test we don't _really_ care about the version though,
+        # only about evaluation strictness
+        tempAllowAlike = p: v: pa: builtins.seq v builtins.seq p.version pa;
+
+    in pkgs.hello;
+
+}
diff --git a/pkgs/test/default.nix b/pkgs/test/default.nix
index ab235d610025..48bd6ac77469 100644
--- a/pkgs/test/default.nix
+++ b/pkgs/test/default.nix
@@ -22,6 +22,8 @@ with pkgs;
   cc-wrapper-libcxx-9 = callPackage ./cc-wrapper { stdenv = llvmPackages_9.libcxxStdenv; };
   stdenv-inputs = callPackage ./stdenv-inputs { };
 
+  config = callPackage ./config.nix { };
+
   haskell = callPackage ./haskell { };
 
   cc-multilib-gcc = callPackage ./cc-wrapper/multilib.nix { stdenv = gccMultiStdenv; };

From 1a7c0eac1572f56afa970e5fe6493b85cecf51a5 Mon Sep 17 00:00:00 2001
From: Robert Hensing <robert@roberthensing.nl>
Date: Sun, 29 May 2022 10:24:20 +0200
Subject: [PATCH 2/2] pkgs/config.nix: Fix infinite recursion when freeform
 config is strict in pkgs

https://github.com/NixOS/nixpkgs/issues/175196

The loop involved:

 - pkgs is strict in the config.nix freeformType's produced attrNames,
   as these are included in the config.
 - the attrNames were strict in all the direct attrValues, because of
   scanning for `mkIf`s.

`lazyAttrsOf` removes proper `mkIf` support, which we don't need here.
---
 pkgs/top-level/config.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/top-level/config.nix b/pkgs/top-level/config.nix
index ad06227e74f1..e038973e0858 100644
--- a/pkgs/top-level/config.nix
+++ b/pkgs/top-level/config.nix
@@ -128,7 +128,7 @@ let
 in {
 
   freeformType =
-    let t = lib.types.attrsOf lib.types.raw;
+    let t = lib.types.lazyAttrsOf lib.types.raw;
     in t // {
       merge = loc: defs:
         let r = t.merge loc defs;