From 837966790cf9d9edb2e9115fcdfe3963795aa88c Mon Sep 17 00:00:00 2001
From: Robert Hensing <robert@roberthensing.nl>
Date: Wed, 24 Apr 2024 12:44:31 +0200
Subject: [PATCH 1/2] tests.config: Simplify example

authy was about to be removed, so this test had to be updated.
---
 pkgs/test/config.nix | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)

diff --git a/pkgs/test/config.nix b/pkgs/test/config.nix
index 734e1aace148..24a840af0aea 100644
--- a/pkgs/test/config.nix
+++ b/pkgs/test/config.nix
@@ -2,22 +2,19 @@
 lib.recurseIntoAttrs {
 
   # https://github.com/NixOS/nixpkgs/issues/175196
+  # This test has since been simplified to test the recursion without
+  # the fluff to make it look like a real-world example.
+  # The requirement we test here is:
+  # - `permittedInsecurePackages` must be allowed to
+  #   use `pkgs` to retrieve at least *some* information.
+  #
+  # Instead of `builtins.seq`, the list may be constructed based on actual package info.
   allowPkgsInPermittedInsecurePackages =
     let pkgs = import ../.. {
           config = {
-            permittedInsecurePackages =
-              tempAllow pkgs.authy "2.1.0" [ "electron-9.4.4" ];
+            permittedInsecurePackages = builtins.seq pkgs.glibc.version [];
           };
         };
-        # A simplification of `tempAllow` that doesn't check the version, but
-        # has the same strictness characteristics. Actually checking a version
-        # here would add undue maintenance.
-        #
-        # Original:
-        #     tempAllow = p: v: pa:
-        #       lib.optionals (lib.assertMsg (p.version == v) "${p.name} is no longer at version ${v}, consider removing the tempAllow") pa;
-        #
-        tempAllow = p: v: pa: builtins.seq v builtins.seq p.version pa;
 
     in pkgs.hello;
 

From 8f805a0660d0dca6c9b5bfc12bc2a85a14c0fa6f Mon Sep 17 00:00:00 2001
From: Robert Hensing <robert@roberthensing.nl>
Date: Wed, 24 Apr 2024 12:49:33 +0200
Subject: [PATCH 2/2] pkgs/top-level/config.nix: Refer to test

---
 pkgs/top-level/config.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pkgs/top-level/config.nix b/pkgs/top-level/config.nix
index 5c538abcf5ce..67a9a60dbaea 100644
--- a/pkgs/top-level/config.nix
+++ b/pkgs/top-level/config.nix
@@ -1,5 +1,11 @@
 # This file defines the structure of the `config` nixpkgs option.
 
+# This file is tested in `pkgs/test/config.nix`.
+# Run tests with:
+#
+#     nix-build -A tests.config
+#
+
 { config, lib, ... }:
 
 let