From 19879ac4c15ab985d9e2aab1879d9dd6745f0eec Mon Sep 17 00:00:00 2001
From: Grimmauld <Grimmauld@grimmauld.de>
Date: Sat, 31 May 2025 18:00:03 +0200
Subject: [PATCH] systemd: check udev rules outputs in installCheckPhase

`udevCheckHook` relies on `udevadm` from systemd to
check udev rules outputs of packages at build time.
Previously, we had no tests in systemd itself which
assured `udevadm` runs correctly. Neither did we
check udev rules output of the systemd package.
We can not use `udevCheckHook` to check systemd, as
that would introduce infinite recursion. So, instead,
we simply check the installed rule output explicitly
in systemd's `installCheckPhase`. Be aware `doInstallCheck`
will be disabled if the buildPlatform can not execute
the hostPlatform, so while `udevCheckHook` can check
udev rules on Linux -> Linux cross compilation,
systemd itself will have its udev rules checked for
native builds only.
---
 pkgs/os-specific/linux/systemd/default.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index 0d1dbb6eba33..f6b9c58845e5 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -836,6 +836,20 @@ stdenv.mkDerivation (finalAttrs: {
       mv $out/lib/sysusers.d $out/example
     '';
 
+  doInstallCheck = true;
+
+  # check udev rules exposed by systemd
+  # can't use `udevCheckHook` here as that would introduce infinite recursion
+  installCheckPhase = ''
+    runHook preInstallCheck
+
+    ${lib.optionalString (
+      !buildLibsOnly
+    ) "$out/bin/udevadm verify --resolve-names=never --no-style $out/lib/udev/rules.d"}
+
+    runHook postInstallCheck
+  '';
+
   # Avoid *.EFI binary stripping.
   # At least on aarch64-linux strip removes too much from PE32+ files:
   #   https://github.com/NixOS/nixpkgs/issues/169693