Merge staging-next into staging

### Building a `stdenv` package in `nix-shell` {#sec-building-stdenv-package-in-nix-shell}

To build a `stdenv` package in a [`nix-shell`](https://nixos.org/manual/nix/unstable/command-ref/nix-shell.html), use

To build a `stdenv` package in a [`nix-shell`](https://nixos.org/manual/nix/unstable/command-ref/nix-shell.html), enter a shell, find the [phases](#sec-stdenv-phases) you wish to build, then invoke `genericBuild` manually:

Go to an empty directory, invoke `nix-shell` with the desired package, and from inside the shell, set the output variables to a writable directory:

```bash

cd "$(mktemp -d)"

nix-shell '<nixpkgs>' -A some_package

eval "${unpackPhase:-unpackPhase}"

cd $sourceRoot

eval "${patchPhase:-patchPhase}"

eval "${configurePhase:-configurePhase}"

eval "${buildPhase:-buildPhase}"

export out=$(pwd)/out

```

Next, invoke the desired parts of the build.

First, run the phases that generate a working copy of the sources, which will change directory to the sources for you:

```bash

phases="${prePhases[*]:-} unpackPhase patchPhase" genericBuild

```

Then, run more phases up until the failure is reached.

For example, if the failure is in the build phase, the following phases would be required:

```bash

phases="${preConfigurePhases[*]:-} configurePhase ${preBuildPhases[*]:-} buildPhase" genericBuild

```

Re-run a single phase as many times as necessary to examine the failure like so:

```bash

phases="buildPhase" genericBuild

```

To modify a [phase](#sec-stdenv-phases), first print it with

```bash

echo "$buildPhase"

```

Or, if that is empty, for instance, if it is using a function:

```bash

type buildPhase

```

then change it in a text editor, and paste it back to the terminal.

::: {.note}

This method may have some inconsistencies in environment variables and behaviour compared to a normal build within the [Nix build sandbox](https://nixos.org/manual/nix/unstable/language/derivations#builder-execution).

The following is a non-exhaustive list of such differences:

- `TMP`, `TMPDIR`, and similar variables likely point to non-empty directories that the build might conflict with files in.

- Output store paths are not writable, so the variables for outputs need to be overridden to writable paths.

- Other environment variables may be inconsistent with a `nix-build` either due to `nix-shell`'s initialization script or due to the use of `nix-shell` without the `--pure` option.

If the build fails differently inside the shell than in the sandbox, consider using [`breakpointHook`](#breakpointhook) and invoking `nix-build` instead.

The [`--keep-failed`](https://nixos.org/manual/nix/unstable/command-ref/conf-file#opt--keep-failed) option for `nix-build` may also be useful to examine the build directory of a failed build.

:::

## Tools provided by `stdenv` {#sec-tools-of-stdenv}

The standard environment provides the following packages:

- `win-virtio` package was renamed to `virtio-win` to be consistent with the upstream package name.

- `ps3netsrv` has been replaced with the webman-mod fork, the executable has been renamed from `ps3netsrv++` to `ps3netsrv` and cli parameters have changed.

## Other Notable Changes {#sec-release-23.11-notable-changes}

- The Cinnamon module now enables XDG desktop integration by default. If you are experiencing collisions related to xdg-desktop-portal-gtk you can safely remove `xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];` from your NixOS configuration.

    return $cpuinfo =~ /^vendor_id\s*:.* $id$/m;

}

# Determine CPU governor to use

if (-e "/sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors") {

    my $governors = read_file("/sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors");

    # ondemand governor is not available on sandy bridge or later Intel CPUs

    my @desired_governors = ("ondemand", "powersave");

    my $e;

    foreach $e (@desired_governors) {

        if (index($governors, $e) != -1) {

            last if (push @attrs, "powerManagement.cpuFreqGovernor = lib.mkDefault \"$e\";");

        }

    }

}

# Virtualization support?

push @kernelModules, "kvm-intel" if hasCPUFeature "vmx";

push @kernelModules, "kvm-amd" if hasCPUFeature "svm";

        ProtectKernelModules = true;

        ProtectKernelTunables = true;

        ProtectProc = "invisible";

        ProcSubset = "pid";

        ProcSubset = "all"; # Using "pid" breaks bwrap

        ProtectSystem = "strict";

        #RemoveIPC = true; # Implied by DynamicUser

        RestrictAddressFamilies = [

      ];

    };

    # Work around 'pq: permission denied for schema public' with postgres v15, until a

    # solution for `services.postgresql.ensureUsers` is found.

    # See https://github.com/NixOS/nixpkgs/issues/216989

    systemd.services.postgresql.postStart = lib.mkIf (

      usePostgresql

      && cfg.database.createDatabase

      && lib.strings.versionAtLeast config.services.postgresql.package.version "15.0"

    ) (lib.mkAfter ''

      $PSQL -tAc 'ALTER DATABASE "${cfg.database.name}" OWNER TO "${cfg.database.user}";'

    '');

    services.mysql = optionalAttrs (useMysql && cfg.database.createDatabase) {

      enable = mkDefault true;

      package = mkDefault pkgs.mariadb;