diff --git a/pkgs/build-support/docker/nix-prefetch-docker b/pkgs/build-support/docker/nix-prefetch-docker
index f551d37cda96f..20c2190cc9c90 100755
--- a/pkgs/build-support/docker/nix-prefetch-docker
+++ b/pkgs/build-support/docker/nix-prefetch-docker
@@ -121,7 +121,9 @@ fi
 
 sourceUrl="docker://$imageName@$imageDigest"
 
-tmpPath="$(mktemp -d "${TMPDIR:-/tmp}/skopeo-copy-tmp-XXXXXXXX")"
+# nix>=2.20 rejects adding symlinked paths to the store, so use realpath
+# to resolve to a physical path. https://github.com/NixOS/nix/issues/11941
+tmpPath="$(realpath "$(mktemp -d --tmpdir skopeo-copy-tmp-XXXXXXXX)")"
 trap "rm -rf \"$tmpPath\"" EXIT
 
 tmpFile="$tmpPath/$(get_name $finalImageName $finalImageTag)"
diff --git a/pkgs/build-support/docker/nix-prefetch-docker.nix b/pkgs/build-support/docker/nix-prefetch-docker.nix
index 18accd135c04e..fac192e7eef9a 100644
--- a/pkgs/build-support/docker/nix-prefetch-docker.nix
+++ b/pkgs/build-support/docker/nix-prefetch-docker.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, makeWrapper, nix, skopeo, jq }:
+{ lib, stdenv, makeWrapper, nix, skopeo, jq, coreutils }:
 
 stdenv.mkDerivation {
   name = "nix-prefetch-docker";
@@ -10,7 +10,7 @@ stdenv.mkDerivation {
   installPhase = ''
     install -vD ${./nix-prefetch-docker} $out/bin/$name;
     wrapProgram $out/bin/$name \
-      --prefix PATH : ${lib.makeBinPath [ nix skopeo jq ]} \
+      --prefix PATH : ${lib.makeBinPath [ nix skopeo jq coreutils ]} \
       --set HOME /homeless-shelter
   '';
 
diff --git a/pkgs/build-support/fetchbzr/nix-prefetch-bzr b/pkgs/build-support/fetchbzr/nix-prefetch-bzr
index 184f2485ce57b..2e6b0f24d05d4 100755
--- a/pkgs/build-support/fetchbzr/nix-prefetch-bzr
+++ b/pkgs/build-support/fetchbzr/nix-prefetch-bzr
@@ -42,7 +42,9 @@ fi
 # If we don't know the hash or a path with that hash doesn't exist,
 # download the file and add it to the store.
 if test -z "$finalPath"; then
-    tmpPath="$(mktemp -d "${TMPDIR:-/tmp}/bzr-checkout-tmp-XXXXXXXX")"
+    # nix>=2.20 rejects adding symlinked paths to the store, so use realpath
+    # to resolve to a physical path. https://github.com/NixOS/nix/issues/11941
+    tmpPath="$(realpath "$(mktemp -d --tmpdir bzr-checkout-tmp-XXXXXXXX)")"
     trap "rm -rf \"$tmpPath\"" EXIT
 
     tmpFile="$tmpPath/$dstFile"
diff --git a/pkgs/build-support/fetchcvs/nix-prefetch-cvs b/pkgs/build-support/fetchcvs/nix-prefetch-cvs
index 4438f44026f2a..6b8fcf5f82c67 100755
--- a/pkgs/build-support/fetchcvs/nix-prefetch-cvs
+++ b/pkgs/build-support/fetchcvs/nix-prefetch-cvs
@@ -20,7 +20,9 @@ fi
 
 
 mkTempDir() {
-    tmpPath="$(mktemp -d "${TMPDIR:-/tmp}/nix-prefetch-cvs-XXXXXXXX")"
+    # nix>=2.20 rejects adding symlinked paths to the store, so use realpath
+    # to resolve to a physical path. https://github.com/NixOS/nix/issues/11941
+    tmpPath="$(realpath "$(mktemp -d --tmpdir nix-prefetch-csv-XXXXXXXX)")"
     trap removeTempDir EXIT
 }
 
diff --git a/pkgs/build-support/fetchgit/nix-prefetch-git b/pkgs/build-support/fetchgit/nix-prefetch-git
index 1e8ac0ec66ef9..69f35dc3bea0e 100755
--- a/pkgs/build-support/fetchgit/nix-prefetch-git
+++ b/pkgs/build-support/fetchgit/nix-prefetch-git
@@ -453,8 +453,9 @@ else
     # If we don't know the hash or a path with that hash doesn't exist,
     # download the file and add it to the store.
     if test -z "$finalPath"; then
-
-        tmpPath="$(mktemp -d "${TMPDIR:-/tmp}/git-checkout-tmp-XXXXXXXX")"
+        # nix>=2.20 rejects adding symlinked paths to the store, so use realpath
+        # to resolve to a physical path. https://github.com/NixOS/nix/issues/11941
+        tmpPath="$(realpath "$(mktemp -d --tmpdir git-checkout-tmp-XXXXXXXX)")"
         exit_handlers+=(remove_tmpPath)
 
         tmpFile="$tmpPath/$(url_to_name "$url" "$rev")"
diff --git a/pkgs/build-support/fetchhg/nix-prefetch-hg b/pkgs/build-support/fetchhg/nix-prefetch-hg
index 94c6b1ec6945c..2199ccdbf4afb 100755
--- a/pkgs/build-support/fetchhg/nix-prefetch-hg
+++ b/pkgs/build-support/fetchhg/nix-prefetch-hg
@@ -42,8 +42,9 @@ fi
 # If we don't know the hash or a path with that hash doesn't exist,
 # download the file and add it to the store.
 if [[ -z "$finalPath" ]]; then
-
-    tmpPath="$(mktemp -d "${TMPDIR:-/tmp}/hg-checkout-tmp-XXXXXXXX")"
+    # nix>=2.20 rejects adding symlinked paths to the store, so use realpath
+    # to resolve to a physical path. https://github.com/NixOS/nix/issues/11941
+    tmpPath="$(realpath "$(mktemp -d --tmpdir hg-checkout-tmp-XXXXXXXX)")"
     cleanup() { x=$?; rm -rf "$tmpPath"; exit $x; }; trap cleanup EXIT
 
     tmpArchive="$tmpPath/hg-archive"
diff --git a/pkgs/build-support/fetchsvn/nix-prefetch-svn b/pkgs/build-support/fetchsvn/nix-prefetch-svn
index 03b9eb9a03dfd..1164b484373ab 100755
--- a/pkgs/build-support/fetchsvn/nix-prefetch-svn
+++ b/pkgs/build-support/fetchsvn/nix-prefetch-svn
@@ -41,7 +41,9 @@ fi
 # If we don't know the hash or a path with that hash doesn't exist,
 # download the file and add it to the store.
 if test -z "$finalPath"; then
-    tmpPath="$(mktemp -d "${TMPDIR:-/tmp}/svn-checkout-tmp-XXXXXXXX")"
+    # nix>=2.20 rejects adding symlinked paths to the store, so use realpath
+    # to resolve to a physical path. https://github.com/NixOS/nix/issues/11941
+    tmpPath="$(realpath "$(mktemp -d --tmpdir svn-checkout-tmp-XXXXXXXX)")"
     trap "rm -rf \"$tmpPath\"" EXIT
 
     tmpFile="$tmpPath/$dstFile"
diff --git a/pkgs/tools/package-management/nix-prefetch-scripts/default.nix b/pkgs/tools/package-management/nix-prefetch-scripts/default.nix
index aca8c2fbb4de8..47f4e5d07d089 100644
--- a/pkgs/tools/package-management/nix-prefetch-scripts/default.nix
+++ b/pkgs/tools/package-management/nix-prefetch-scripts/default.nix
@@ -13,7 +13,7 @@ let mkPrefetchScript = tool: src: deps:
     installPhase = ''
       install -vD ${src} $out/bin/$name;
       wrapProgram $out/bin/$name \
-        --prefix PATH : ${lib.makeBinPath (deps ++ [ gnused nix ])} \
+        --prefix PATH : ${lib.makeBinPath (deps ++ [ coreutils gnused nix ])} \
         --set HOME /homeless-shelter
     '';
 
@@ -28,7 +28,7 @@ let mkPrefetchScript = tool: src: deps:
 in rec {
   nix-prefetch-bzr = mkPrefetchScript "bzr" ../../../build-support/fetchbzr/nix-prefetch-bzr [ breezy ];
   nix-prefetch-cvs = mkPrefetchScript "cvs" ../../../build-support/fetchcvs/nix-prefetch-cvs [ cvs ];
-  nix-prefetch-git = mkPrefetchScript "git" ../../../build-support/fetchgit/nix-prefetch-git [ coreutils findutils gawk git git-lfs ];
+  nix-prefetch-git = mkPrefetchScript "git" ../../../build-support/fetchgit/nix-prefetch-git [ findutils gawk git git-lfs ];
   nix-prefetch-hg  = mkPrefetchScript "hg"  ../../../build-support/fetchhg/nix-prefetch-hg   [ mercurial ];
   nix-prefetch-svn = mkPrefetchScript "svn" ../../../build-support/fetchsvn/nix-prefetch-svn [ subversion ];