fix: stop committing manifest.lock so nixpkgs can package t3

[limeytexan]

Problem

nixpkgs packages t3 by fetching this repository's source as a fixed-output derivation (the fetchFromGitHub/tarball source). An FOD is forbidden from referencing /nix/store paths — but the committed flox lockfile, .flox/env/manifest.lock, embeds absolute store paths (the resolved glibc output and others, 94 references in total). So building the nixpkgs t3 package fails:

unpacking source archive /nix/var/nix/builds/.../download.tar.gz
error: fixed-output derivations must not reference store paths:
'/nix/store/...-source.drv' references 2 distinct paths, e.g.
'/nix/store/57iz36553175g3178pvxjij8z5rcsd4n-glibc-2.42-61'
error: Cannot build '/nix/store/...-t3-1.1.0.drv'.

The store paths entered the lock when glibc was added to runtime-packages (#21), but any committed lock is fundamentally incompatible with being fetched as an FOD source, because the lock format records resolved store paths.

Fix

• git rm .flox/env/manifest.lock
• Add env/manifest.lock to .flox/.gitignore

flox regenerates the lock locally from manifest.toml on flox activate / flox build, so local development, flox build t3, and flox build nixpkgs-t3 are unaffected. The source tarball nixpkgs fetches simply no longer contains the lock — and therefore no /nix/store references.

Verification (macOS)

• flox build t3 — passes (regenerates the lock locally from manifest.toml).
• flox build nixpkgs-t3 — passes.
• The regenerated lock is correctly gitignored: git status is clean after a flox activate, and git check-ignore matches it.
• git archive HEAD | tar -xO | grep -c /nix/store → 0 (the produced source archive contains no store paths and no manifest.lock), which is the exact condition the FOD requires.

Trade-off

The committed lock previously pinned exact package revisions for reproducible flox builds. Removing it means flox build resolves against the catalog at build time rather than a checked-in pin. This is the necessary cost of being packageable by nixpkgs from source; the alternative (keeping a committed lock) cannot satisfy the FOD no-store-paths rule.

🤖 Generated with Claude Code

[limeytexan]

Elected to instead filter out manifest.lock within the nixpkgs expression by using the fetcher postFetch attribute:

diff --git a/pkgs/by-name/t3/t3/package.nix b/pkgs/by-name/t3/t3/package.nix
index 2017c0d57287..b00b6cdede6d 100644
--- a/pkgs/by-name/t3/t3/package.nix
+++ b/pkgs/by-name/t3/t3/package.nix
@@ -8,13 +8,14 @@
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "t3";
-  version = "1.0.9";
+  version = "1.1.0";
 
   src = fetchFromGitHub {
     owner = "flox";
     repo = "t3";
     tag = "v${finalAttrs.version}";
-    hash = "sha256-42T0qQ3zK1jTRU+gcBzEet5rHZ6QuknCbPdbGPNlETI=";
+    hash = "sha256-49nmFvyA5HtX0rTqG4vrCdQPo78HMF7wIN4StItShB4=";
+    postFetch = "rm -f $out/.flox/env/manifest.lock";
   };
 
   makeFlags = [