stdenv: fix missing dependencies in __sandboxProfile and __impureHostDeps

Fixes: 7f3ca3e21a22 (stdenv: Fix handling of dependencies and hooks)
Fixes: #237458

4 files changed, 7 insertions, 15 deletions

diff --git a/pkgs/applications/audio/musescore/default.nix b/pkgs/applications/audio/musescore/default.nix
index 707ec5c8ebfe8..37d713b5e5341 100644
--- a/pkgs/applications/audio/musescore/default.nix
+++ b/pkgs/applications/audio/musescore/default.nix
@@ -84,11 +84,6 @@ in stdenv'.mkDerivation (finalAttrs: {
     "--set-default QT_QPA_PLATFORM xcb"
   ];
 
-  # HACK `propagatedSandboxProfile` does not appear to actually propagate the
-  # sandbox profile from `qtbase`, see:
-  # https://github.com/NixOS/nixpkgs/issues/237458
-  sandboxProfile = toString qtbase.__propagatedSandboxProfile or null;
-
   nativeBuildInputs = [
     wrapQtAppsHook
     cmake
diff --git a/pkgs/applications/misc/qtpass/default.nix b/pkgs/applications/misc/qtpass/default.nix
index ae26de760ee6d..d401a57dda78a 100644
--- a/pkgs/applications/misc/qtpass/default.nix
+++ b/pkgs/applications/misc/qtpass/default.nix
@@ -23,9 +23,6 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ qmake qttools wrapQtAppsHook ];
 
-  # HACK `propagatedSandboxProfile` does not appear to actually propagate the sandbox profile from `qt5.qtbase`
-  sandboxProfile = toString qtbase.__propagatedSandboxProfile;
-
   qmakeFlags = [
     # setup hook only sets QMAKE_LRELEASE, set QMAKE_LUPDATE too:
     "QMAKE_LUPDATE=${qttools.dev}/bin/lupdate"
diff --git a/pkgs/development/libraries/qtkeychain/default.nix b/pkgs/development/libraries/qtkeychain/default.nix
index 564eb31a71395..9d27d92c62f84 100644
--- a/pkgs/development/libraries/qtkeychain/default.nix
+++ b/pkgs/development/libraries/qtkeychain/default.nix
@@ -23,9 +23,6 @@ stdenv.mkDerivation rec {
 
   dontWrapQtApps = true;
 
-  # HACK `propagatedSandboxProfile` does not appear to actually propagate the sandbox profile from `qtbase`
-  sandboxProfile = toString qtbase.__propagatedSandboxProfile or null;
-
   cmakeFlags = [
     "-DBUILD_WITH_QT6=${if lib.versions.major qtbase.version == "6" then "ON" else "OFF"}"
     "-DQT_TRANSLATIONS_DIR=share/qt/translations"
diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix
index 1214d01013838..af68bf890ed29 100644
--- a/pkgs/stdenv/generic/make-derivation.nix
+++ b/pkgs/stdenv/generic/make-derivation.nix
@@ -413,25 +413,28 @@ else let
       requiredSystemFeatures = attrs.requiredSystemFeatures or [] ++ [ "gccarch-${stdenv.hostPlatform.gcc.arch}" ];
     } // optionalAttrs (stdenv.buildPlatform.isDarwin) (
       let
+        allDependencies = concatLists (concatLists dependencies);
+        allPropagatedDependencies = concatLists (concatLists propagatedDependencies);
+
         computedSandboxProfile =
           concatMap (input: input.__propagatedSandboxProfile or [])
             (stdenv.extraNativeBuildInputs
             ++ stdenv.extraBuildInputs
-            ++ concatLists dependencies);
+            ++ allDependencies);
 
         computedPropagatedSandboxProfile =
           concatMap (input: input.__propagatedSandboxProfile or [])
-            (concatLists propagatedDependencies);
+            allPropagatedDependencies;
 
         computedImpureHostDeps =
           unique (concatMap (input: input.__propagatedImpureHostDeps or [])
             (stdenv.extraNativeBuildInputs
             ++ stdenv.extraBuildInputs
-            ++ concatLists dependencies));
+            ++ allDependencies));
 
         computedPropagatedImpureHostDeps =
           unique (concatMap (input: input.__propagatedImpureHostDeps or [])
-            (concatLists propagatedDependencies));
+            allPropagatedDependencies);
     in {
       inherit __darwinAllowLocalNetworking;
       # TODO: remove `unique` once nix has a list canonicalization primitive