diff --git a/configure.ac b/configure.ac
index 1bc4f17b0..b97e25bbd 100644
--- a/configure.ac
+++ b/configure.ac
@@ -308,7 +308,12 @@ AC_SUBST(HAVE_SECCOMP, [$have_seccomp])
 
 # Optional dependencies for better normalizing file system data
 AC_CHECK_HEADERS([sys/xattr.h])
-AC_CHECK_FUNCS([llistxattr lremovexattr])
+AS_IF([test "$ac_cv_header_sys_xattr_h" = "yes"],[
+  AC_CHECK_FUNCS([llistxattr lremovexattr])
+  AS_IF([test "$ac_cv_func_llistxattr" = "yes" && test "$ac_cv_func_lremovexattr" = "yes"],[
+    AC_DEFINE([HAVE_ACL_SUPPORT], [1], [Define if we can manipulate file system Access Control Lists])
+  ])
+])
 
 # Look for aws-cpp-sdk-s3.
 AC_LANG_PUSH(C++)
diff --git a/flake.nix b/flake.nix
index a8fc105e8..9217de9af 100644
--- a/flake.nix
+++ b/flake.nix
@@ -234,11 +234,11 @@
         buildNoGc = forAllSystems (system: self.packages.${system}.nix.overrideAttrs (a: { configureFlags = (a.configureFlags or []) ++ ["--enable-gc=no"];}));
 
         buildNoTests = forAllSystems (system:
-          self.packages.${system}.nix.overrideAttrs (a: {
-            doCheck =
-              assert ! a?dontCheck;
-              false;
-          })
+          self.packages.${system}.nix.override {
+            doCheck = false;
+            doInstallCheck = false;
+            installUnitTests = false;
+          }
         );
 
         # Perl bindings for various platforms.
diff --git a/package.nix b/package.nix
index b5ff45083..56276ecc4 100644
--- a/package.nix
+++ b/package.nix
@@ -214,6 +214,9 @@ in {
   ] ++ lib.optionals (!stdenv.hostPlatform.isWindows) [
     editline
     lowdown
+  ] ++ lib.optionals buildUnitTests [
+    gtest
+    rapidcheck
   ] ++ lib.optional stdenv.isLinux libseccomp
     ++ lib.optional stdenv.hostPlatform.isx86_64 libcpuid
     # There have been issues building these dependencies
@@ -232,11 +235,6 @@ in {
   dontBuild = !attrs.doBuild;
   doCheck = attrs.doCheck;
 
-  checkInputs = [
-    gtest
-    rapidcheck
-  ];
-
   nativeCheckInputs = [
     git
     mercurial
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
index b35dc37a1..cf34ae354 100644
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -946,7 +946,9 @@ public:
           may be useful in certain scenarios (e.g. to spin up containers or
           set up userspace network interfaces in tests).
         )"};
+#endif
 
+#if HAVE_ACL_SUPPORT
     Setting<StringSet> ignoredAcls{
         this, {"security.selinux", "system.nfs4_acl", "security.csm"}, "ignored-acls",
         R"(
diff --git a/src/libstore/posix-fs-canonicalise.cc b/src/libstore/posix-fs-canonicalise.cc
index 5edda0157..8b29e90d4 100644
--- a/src/libstore/posix-fs-canonicalise.cc
+++ b/src/libstore/posix-fs-canonicalise.cc
@@ -1,4 +1,4 @@
-#if HAVE_SYS_XATTR_H
+#if HAVE_ACL_SUPPORT
 # include <sys/xattr.h>
 #endif
 
@@ -78,7 +78,7 @@ static void canonicalisePathMetaData_(
     if (!(S_ISREG(st.st_mode) || S_ISDIR(st.st_mode) || S_ISLNK(st.st_mode)))
         throw Error("file '%1%' has an unsupported type", path);
 
-#if HAVE_SYS_XATTR_H && HAVE_LLISTXATTR && HAVE_LREMOVEXATTR
+#if HAVE_ACL_SUPPORT
     /* Remove extended attributes / ACLs. */
     ssize_t eaSize = llistxattr(path.c_str(), nullptr, 0);