diff --git a/nixos/tests/docker-tools.nix b/nixos/tests/docker-tools.nix
index 39b97b4cb997..831ef2fb77ad 100644
--- a/nixos/tests/docker-tools.nix
+++ b/nixos/tests/docker-tools.nix
@@ -20,6 +20,20 @@ import ./make-test-python.nix ({ pkgs, ... }: {
 
     docker.wait_for_unit("sockets.target")
 
+    with subtest("includeStorePath"):
+        with subtest("assumption"):
+            docker.succeed("${examples.helloOnRoot} | docker load")
+            docker.succeed("set -euo pipefail; docker run --rm hello | grep -i hello")
+            docker.succeed("docker image rm hello:latest")
+        with subtest("includeStorePath = false; breaks example"):
+            docker.succeed("${examples.helloOnRootNoStore} | docker load")
+            docker.fail("set -euo pipefail; docker run --rm hello | grep -i hello")
+            docker.succeed("docker image rm hello:latest")
+        with subtest("includeStorePath = false; works with mounted store"):
+            docker.succeed("${examples.helloOnRootNoStore} | docker load")
+            docker.succeed("set -euo pipefail; docker run --rm --volume ${builtins.storeDir}:${builtins.storeDir}:ro hello | grep -i hello")
+            docker.succeed("docker image rm hello:latest")
+
     with subtest("Ensure Docker images use a stable date by default"):
         docker.succeed(
             "docker load --input='${examples.bash}'"
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index 54eb13d38ff3..5bbf1b63f2b0 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -37,6 +37,10 @@
 
 let
 
+  inherit (lib)
+    optionals
+    ;
+
   mkDbExtraCommand = contents: let
     contentsList = if builtins.isList contents then contents else [ contents ];
   in ''
@@ -786,7 +790,11 @@ rec {
     fakeRootCommands ? "",
     # We pick 100 to ensure there is plenty of room for extension. I
     # believe the actual maximum is 128.
-    maxLayers ? 100
+    maxLayers ? 100,
+    # Whether to include store paths in the image. You generally want to leave
+    # this on, but tooling may disable this to insert the store paths more
+    # efficiently via other means, such as bind mounting the host store.
+    includeStorePaths ? true,
   }:
     assert
       (lib.assertMsg (maxLayers > 1)
@@ -834,7 +842,9 @@ rec {
         '';
       };
 
-      closureRoots = [ baseJson ] ++ contentsList;
+      closureRoots = optionals includeStorePaths /* normally true */ (
+        [ baseJson ] ++ contentsList
+      );
       overallClosure = writeText "closure" (lib.concatStringsSep " " closureRoots);
 
       # These derivations are only created as implementation details of docker-tools,
diff --git a/pkgs/build-support/docker/examples.nix b/pkgs/build-support/docker/examples.nix
index 7dbee38feeb4..de90eab3ea1d 100644
--- a/pkgs/build-support/docker/examples.nix
+++ b/pkgs/build-support/docker/examples.nix
@@ -516,4 +516,29 @@ rec {
     bash
     layeredImageWithFakeRootCommands
   ];
+
+  helloOnRoot = pkgs.dockerTools.streamLayeredImage {
+    name = "hello";
+    tag = "latest";
+    contents = [
+      (pkgs.buildEnv {
+        name = "hello-root";
+        paths = [ pkgs.hello ];
+      })
+    ];
+    config.Cmd = [ "hello" ];
+  };
+
+  helloOnRootNoStore = pkgs.dockerTools.streamLayeredImage {
+    name = "hello";
+    tag = "latest";
+    contents = [
+      (pkgs.buildEnv {
+        name = "hello-root";
+        paths = [ pkgs.hello ];
+      })
+    ];
+    config.Cmd = [ "hello" ];
+    includeStorePaths = false;
+  };
 }
diff --git a/pkgs/development/libraries/physics/apfel/default.nix b/pkgs/development/libraries/physics/apfel/default.nix
index e3fd0a26a7fd..b0fff0c92ba5 100644
--- a/pkgs/development/libraries/physics/apfel/default.nix
+++ b/pkgs/development/libraries/physics/apfel/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "apfel";
-  version = "3.0.4";
+  version = "3.0.5";
 
   src = fetchFromGitHub {
     owner = "scarrazza";
     repo = "apfel";
     rev = version;
-    sha256 = "13n5ygbqvskg3qq5n4sff1nbii0li0zf1vqissai7x0hynxgy7p6";
+    sha256 = "sha256-szEtSC/NouYlHSjVoX9Hoh7yQ0W82rVccYEF1L2tXoU=";
   };
 
   buildInputs = [ gfortran lhapdf python2 zlib ];
diff --git a/pkgs/development/tools/rust/cargo-msrv/default.nix b/pkgs/development/tools/rust/cargo-msrv/default.nix
index c6a02a4dff21..74c2d9e680f0 100644
--- a/pkgs/development/tools/rust/cargo-msrv/default.nix
+++ b/pkgs/development/tools/rust/cargo-msrv/default.nix
@@ -11,16 +11,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "cargo-msrv";
-  version = "0.5.0";
+  version = "0.6.0";
 
   src = fetchFromGitHub {
     owner = "foresterre";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-7XOpK6+JVV/p+g/Lb/ORUC9msME0vtuDbmiCBmuOJ8w=";
+    sha256 = "sha256-DpgZrKy2rEKnI0/t4l3sDtNUhAwwFFSzq4CdRFqAkzY=";
   };
 
-  cargoSha256 = "sha256-KYITZHBcb5G+7PW8kwbHSsereVjH39cVLQjqNaCq2iU=";
+  cargoSha256 = "sha256-ny8EA3dkirxEiFYiSFRxHnjf3mVO2LCWVR8fPHX87Ek=";
 
   passthru = {
     updateScript = nix-update-script {