Always sanitize derivation name #166383

Merged
merged 7 commits into from
Apr 5, 2022

Member

@roberth roberth commented Mar 30, 2022

Description of changes

Make mkDerivation robust.

Fixes #166265

Naive change stats: https://github.com/NixOS/nixpkgs/pull/166383/checks?check_run_id=5751113354
2.7% total alloc, 8% call increase

With optimization: mixed stats.

TODO

  • optimize sanitizeDerivationName
  • time benchmark. Normally I'd be ok to rely on mem stats alone, but I don't trust regex without a good time measurement (which ofborg can't provide)

Before

benchmarking ~/nix/result/bin/nix-instantiate -A nixosTests.acme
time                 16.87 s    (15.23 s .. 18.43 s)
                     0.999 R²   (0.995 R² .. 1.000 R²)
mean                 16.71 s    (16.52 s .. 16.99 s)
std dev              294.7 ms   (27.40 ms .. 373.5 ms)
variance introduced by outliers: 19% (moderately inflated)

After

benchmarking ~/nix/result/bin/nix-instantiate -A nixosTests.acme
time                 16.77 s    (16.33 s .. 17.14 s)
                     1.000 R²   (1.000 R² .. 1.000 R²)
mean                 16.71 s    (16.66 s .. 16.79 s)
std dev              81.45 ms   (16.44 ms .. 107.6 ms)
variance introduced by outliers: 19% (moderately inflated)

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.05 Release Notes (or backporting 21.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@roberth roberth force-pushed the always-sanitize-derivation-name branch from 2714486 to 2999ab1 Compare March 31, 2022 16:31
lib/strings.nix Outdated
@@ -756,7 +756,14 @@ rec {
sanitizeDerivationName pkgs.hello
=> "-nix-store-2g75chlbpxlrqn15zlby2dfh8hr9qwbk-hello-2.10"
*/
sanitizeDerivationName = string: lib.pipe string [
sanitizeDerivationName =
let okRegex = match "^[[:alnum:]+_?=-][[:alnum:]+._?=-]*$";
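Review bot: the `let okRegex = match ...` line needs a comment saying what the pattern is for and why its first character class omits `.` while the second allows it. As written it is a second definition of a valid name next to the `lib.pipe` steps, and the two can drift apart. Suggest a short comment above the `let`, plus a test asserting that any name `okRegex` accepts comes out of the `lib.pipe` path unchanged.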
Member

@infinisil infinisil Mar 31, 2022

I wonder if we could do all the regex matches from this function in one go. Like a regex that only matches invalid names, in which case it returns all the valid parts.

Member Author

You don't have to do it for performance anyway, because you'll be optimizing for the rare case.
I can see how it might improve maintainability by DRY, but that may be offset by how ugly the expression may become. You can prove me wrong in a follow-up pr, after we decide whether this whole sanitize-everything idea is good or not :)

lib/strings.nix Outdated
@@ -756,7 +756,14 @@ rec {
sanitizeDerivationName pkgs.hello
=> "-nix-store-2g75chlbpxlrqn15zlby2dfh8hr9qwbk-hello-2.10"
*/
sanitizeDerivationName = string: lib.pipe string [
sanitizeDerivationName =
let okRegex = match "^[[:alnum:]+_?=-][[:alnum:]+._?=-]*$";
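Review bot: the doc comment above the changed lines documents only `sanitizeDerivationName pkgs.hello`, an input whose `/` characters are rewritten to `-` in the result, so it says nothing about a name that `okRegex` already accepts. Suggest adding a second example to the comment with an already valid name and its result.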
Member

Small nit: Nix's regex engine always adds an implicit ^/$ at the beginning/end respectively, so these aren't needed here

`^` and `$` are implicit in `match`.
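The implicit anchoring discussed in the thread above, as an added example (not code from this PR or from nixpkgs): it runs the hunk's pattern with and without `^`/`$` over constructed sample names and checks that both agree with the expected verdict. The sample names, the attribute names and the `prefixOnly` contrast pattern are assumptions made for the illustration.

```nix
# Added illustration, not nixpkgs code. Evaluate with:
#   nix-instantiate --eval --strict match-anchoring.nix
let
  inherit (builtins) match all filter map;

  # The pattern from the hunk, with and without the explicit anchors.
  withAnchors    = match "^[[:alnum:]+_?=-][[:alnum:]+._?=-]*$";
  withoutAnchors = match "[[:alnum:]+_?=-][[:alnum:]+._?=-]*";

  # Contrast (hypothetical): what a prefix-only check would look like.
  # The trailing ".*" swallows whatever follows the valid prefix.
  prefixOnly = match "([[:alnum:]+_?=-][[:alnum:]+._?=-]*).*";

  # Constructed samples; `valid` is the verdict a whole-string match
  # against the hunk's pattern should give.
  samples = [
    { name = "hello-2.10";     valid = true;  }
    { name = "-nix-store-abc"; valid = true;  } # leading dash is allowed
    { name = ".hidden";        valid = false; } # leading dot is not
    { name = "hello/../etc";   valid = false; } # valid prefix, then "/"
    { name = "hello world";    valid = false; }
    { name = "hello\nworld";   valid = false; }
    { name = "";               valid = false; }
  ];

  accepts = re: name: re name != null;

  check = s: s // {
    anchored   = accepts withAnchors s.name;
    unanchored = accepts withoutAnchors s.name;
  };

  results = map check samples;
in {
  inherit results;

  # Both forms give the same answer for every sample, so the explicit
  # anchors add nothing.
  anchorsRedundant = all (r: r.anchored == r.unanchored) results;

  # The unanchored form matches the expected verdict for every sample.
  allAsExpected = all (r: r.unanchored == r.valid) results;

  # Invalid samples that the prefix-only pattern would still accept.
  prefixOnlyLeaks =
    map (s: s.name)
      (filter (s: !s.valid && accepts prefixOnly s.name) samples);
}
```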
Member

@infinisil infinisil left a comment

Looks good to me!
