Merge remote-tracking branch 'origin/master' into lazy-trees

tests/containers.nix

@@ -16,11 +16,11 @@ makeTest ({
         { virtualisation.writableStore = true;
           virtualisation.diskSize = 2048;
           virtualisation.additionalPaths =
-            [ pkgs.stdenv
+            [ pkgs.stdenvNoCC
               (import ./systemd-nspawn.nix { inherit nixpkgs; }).toplevel
             ];
           virtualisation.memorySize = 4096;
-          nix.binaryCaches = lib.mkForce [ ];
+          nix.settings.substituters = lib.mkForce [ ];
           nix.extraOptions =
             ''
               extra-experimental-features = nix-command auto-allocate-uids cgroups
@@ -38,30 +38,30 @@ makeTest ({
     # Test that 'id' gives the expected result in various configurations.
 
     # Existing UIDs, sandbox.
-    host.succeed("nix build --no-auto-allocate-uids --sandbox -L --offline --impure --file ${./id-test.nix} --argstr name id-test-1")
+    host.succeed("nix build -v --no-auto-allocate-uids --sandbox -L --offline --impure --file ${./id-test.nix} --argstr name id-test-1")
     host.succeed("[[ $(cat ./result) = 'uid=1000(nixbld) gid=100(nixbld) groups=100(nixbld)' ]]")
 
     # Existing UIDs, no sandbox.
-    host.succeed("nix build --no-auto-allocate-uids --no-sandbox -L --offline --impure --file ${./id-test.nix} --argstr name id-test-2")
+    host.succeed("nix build -v --no-auto-allocate-uids --no-sandbox -L --offline --impure --file ${./id-test.nix} --argstr name id-test-2")
     host.succeed("[[ $(cat ./result) = 'uid=30001(nixbld1) gid=30000(nixbld) groups=30000(nixbld)' ]]")
 
     # Auto-allocated UIDs, sandbox.
-    host.succeed("nix build --auto-allocate-uids --sandbox -L --offline --impure --file ${./id-test.nix} --argstr name id-test-3")
+    host.succeed("nix build -v --auto-allocate-uids --sandbox -L --offline --impure --file ${./id-test.nix} --argstr name id-test-3")
     host.succeed("[[ $(cat ./result) = 'uid=1000(nixbld) gid=100(nixbld) groups=100(nixbld)' ]]")
 
     # Auto-allocated UIDs, no sandbox.
-    host.succeed("nix build --auto-allocate-uids --no-sandbox -L --offline --impure --file ${./id-test.nix} --argstr name id-test-4")
+    host.succeed("nix build -v --auto-allocate-uids --no-sandbox -L --offline --impure --file ${./id-test.nix} --argstr name id-test-4")
     host.succeed("[[ $(cat ./result) = 'uid=872415232 gid=30000(nixbld) groups=30000(nixbld)' ]]")
 
     # Auto-allocated UIDs, UID range, sandbox.
-    host.succeed("nix build --auto-allocate-uids --sandbox -L --offline --impure --file ${./id-test.nix} --argstr name id-test-5 --arg uidRange true")
+    host.succeed("nix build -v --auto-allocate-uids --sandbox -L --offline --impure --file ${./id-test.nix} --argstr name id-test-5 --arg uidRange true")
     host.succeed("[[ $(cat ./result) = 'uid=0(root) gid=0(root) groups=0(root)' ]]")
 
     # Auto-allocated UIDs, UID range, no sandbox.
-    host.fail("nix build --auto-allocate-uids --no-sandbox -L --offline --impure --file ${./id-test.nix} --argstr name id-test-6 --arg uidRange true")
+    host.fail("nix build -v --auto-allocate-uids --no-sandbox -L --offline --impure --file ${./id-test.nix} --argstr name id-test-6 --arg uidRange true")
 
     # Run systemd-nspawn in a Nix build.
-    host.succeed("nix build --auto-allocate-uids --sandbox -L --offline --impure --file ${./systemd-nspawn.nix} --argstr nixpkgs ${nixpkgs}")
+    host.succeed("nix build -v --auto-allocate-uids --sandbox -L --offline --impure --file ${./systemd-nspawn.nix} --argstr nixpkgs ${nixpkgs}")
     host.succeed("[[ $(cat ./result/msg) = 'Hello World' ]]")
   '';
 

tests/fetchGitSubmodules.sh

@@ -14,6 +14,15 @@ subRepo=$TEST_ROOT/gitSubmodulesSub
 
 rm -rf ${rootRepo} ${subRepo} $TEST_HOME/.cache/nix
 
+# Submodules can't be fetched locally by default, which can cause
+# information leakage vulnerabilities, but for these tests our
+# submodule is intentionally local and it's all trusted, so we
+# disable this restriction. Setting it per repo is not sufficient, as
+# the repo-local config does not apply to the commands run from
+# outside the repos by Nix.
+export XDG_CONFIG_HOME=$TEST_HOME/.config
+git config --global protocol.file.allow always
+
 initGitRepo() {
     git init $1
     git -C $1 config user.email "foobar@example.com"

tests/flakes/build-paths.sh

@@ -6,7 +6,7 @@ flake2Dir=$TEST_ROOT/flake2
 mkdir -p $flake1Dir $flake2Dir
 
 writeSimpleFlake $flake2Dir
-tar cfz $TEST_ROOT/flake.tar.gz -C $TEST_ROOT flake2 
+tar cfz $TEST_ROOT/flake.tar.gz -C $TEST_ROOT flake2
 hash=$(nix hash path $flake2Dir)
 
 dep=$(nix store add-path ./common.sh)

tests/flakes/check.sh

@@ -41,9 +41,9 @@ nix flake check $flakeDir
 cat > $flakeDir/flake.nix <<EOF
 {
   outputs = { self }: {
-    nixosModules.foo = {
+    nixosModules.foo = assert false; {
       a.b.c = 123;
-      foo = assert false; true;
+      foo = true;
     };
   };
 }
@@ -63,18 +63,6 @@ EOF
 
 nix flake check $flakeDir
 
-cat > $flakeDir/flake.nix <<EOF
-{
-  outputs = { self }: {
-    nixosModule = { config, pkgs }: {
-      a.b.c = 123;
-    };
-  };
-}
-EOF
-
-(! nix flake check $flakeDir)
-
 cat > $flakeDir/flake.nix <<EOF
 {
   outputs = { self }: {

tests/github-flakes.nix

@@ -149,7 +149,7 @@ makeTest (
           virtualisation.diskSize = 2048;
           virtualisation.additionalPaths = [ pkgs.hello pkgs.fuse ];
           virtualisation.memorySize = 4096;
-          nix.binaryCaches = lib.mkForce [ ];
+          nix.settings.substituters = lib.mkForce [ ];
           nix.extraOptions = "experimental-features = nix-command flakes";
           networking.hosts.${(builtins.head nodes.github.config.networking.interfaces.eth1.ipv4.addresses).address} =
             [ "channels.nixos.org" "api.github.com" "github.com" ];

tests/lang/eval-okay-ind-string.nix

@@ -110,7 +110,7 @@ let
     And finally to interpret \n etc. as in a string: ''\n, ''\r, ''\t.
   '';
 
-  # Regression test: antiquotation in '${x}' should work, but didn't.
+  # Regression test: string interpolation in '${x}' should work, but didn't.
   s15 = let x = "bla"; in ''
     foo
     '${x}'

tests/lang/eval-okay-intersectAttrs.exp

@@ -0,0 +1 @@
+[ { } { a = 1; } { a = 1; } { a = "a"; } { m = 1; } { m = "m"; } { n = 1; } { n = "n"; } { n = 1; p = 2; } { n = "n"; p = "p"; } { n = 1; p = 2; } { n = "n"; p = "p"; } { a = "a"; b = "b"; c = "c"; d = "d"; e = "e"; f = "f"; g = "g"; h = "h"; i = "i"; j = "j"; k = "k"; l = "l"; m = "m"; n = "n"; o = "o"; p = "p"; q = "q"; r = "r"; s = "s"; t = "t"; u = "u"; v = "v"; w = "w"; x = "x"; y = "y"; z = "z"; } true ]

tests/lang/eval-okay-intersectAttrs.nix

@@ -0,0 +1,50 @@
+let
+  alphabet =
+  { a = "a";
+    b = "b";
+    c = "c";
+    d = "d";
+    e = "e";
+    f = "f";
+    g = "g";
+    h = "h";
+    i = "i";
+    j = "j";
+    k = "k";
+    l = "l";
+    m = "m";
+    n = "n";
+    o = "o";
+    p = "p";
+    q = "q";
+    r = "r";
+    s = "s";
+    t = "t";
+    u = "u";
+    v = "v";
+    w = "w";
+    x = "x";
+    y = "y";
+    z = "z";
+  };
+  foo = {
+    inherit (alphabet) f o b a r z q u x;
+    aa = throw "aa";
+  };
+  alphabetFail = builtins.mapAttrs throw alphabet;
+in
+[ (builtins.intersectAttrs { a = abort "l1"; } { b = abort "r1"; })
+  (builtins.intersectAttrs { a = abort "l2"; } { a = 1; })
+  (builtins.intersectAttrs alphabetFail { a = 1; })
+  (builtins.intersectAttrs  { a = abort "laa"; } alphabet)
+  (builtins.intersectAttrs alphabetFail { m = 1; })
+  (builtins.intersectAttrs  { m = abort "lam"; } alphabet)
+  (builtins.intersectAttrs alphabetFail { n = 1; })
+  (builtins.intersectAttrs  { n = abort "lan"; } alphabet)
+  (builtins.intersectAttrs alphabetFail { n = 1; p = 2; })
+  (builtins.intersectAttrs  { n = abort "lan2"; p = abort "lap"; } alphabet)
+  (builtins.intersectAttrs alphabetFail { n = 1; p = 2; })
+  (builtins.intersectAttrs  { n = abort "lan2"; p = abort "lap"; } alphabet)
+  (builtins.intersectAttrs alphabetFail alphabet)
+  (builtins.intersectAttrs alphabet foo == builtins.intersectAttrs foo alphabet)
+]

tests/local.mk

@@ -94,6 +94,7 @@ nix_tests = \
   fmt.sh \
   eval-store.sh \
   why-depends.sh \
+  ca/why-depends.sh \
   import-derivation.sh \
   ca/import-derivation.sh \
   nix_path.sh \
@@ -123,8 +124,6 @@ endif
 
 install-tests += $(foreach x, $(nix_tests), tests/$(x))
 
-tests-environment = NIX_REMOTE= $(bash) -e
-
 clean-files += $(d)/common.sh $(d)/config.nix $(d)/ca/config.nix
 
 test-deps += tests/common.sh tests/config.nix tests/ca/config.nix

tests/nix-copy-closure.nix

@@ -15,7 +15,7 @@ makeTest (let pkgA = pkgs.cowsay; pkgB = pkgs.wget; pkgC = pkgs.hello; pkgD = pk
         { config, lib, pkgs, ... }:
         { virtualisation.writableStore = true;
           virtualisation.additionalPaths = [ pkgA pkgD.drvPath ];
-          nix.binaryCaches = lib.mkForce [ ];
+          nix.settings.substituters = lib.mkForce [ ];
         };
 
       server =

tests/nss-preload.nix

@@ -98,9 +98,9 @@ rec {
         { address = "192.168.0.10"; prefixLength = 24; }
       ];
 
-      nix.sandboxPaths = lib.mkForce [];
-      nix.binaryCaches = lib.mkForce [];
-      nix.useSandbox = lib.mkForce true;
+      nix.settings.extra-sandbox-paths = lib.mkForce [];
+      nix.settings.substituters = lib.mkForce [];
+      nix.settings.sandbox = lib.mkForce true;
     };
   };
 

tests/remote-builds.nix

@@ -16,7 +16,7 @@ let
     { config, pkgs, ... }:
     { services.openssh.enable = true;
       virtualisation.writableStore = true;
-      nix.useSandbox = true;
+      nix.settings.sandbox = true;
     };
 
   # Trivial Nix expression to build remotely.
@@ -44,7 +44,7 @@ in
 
       client =
         { config, lib, pkgs, ... }:
-        { nix.maxJobs = 0; # force remote building
+        { nix.settings.max-jobs = 0; # force remote building
           nix.distributedBuilds = true;
           nix.buildMachines =
             [ { hostName = "builder1";
@@ -62,7 +62,7 @@ in
             ];
           virtualisation.writableStore = true;
           virtualisation.additionalPaths = [ config.system.build.extraUtils ];
-          nix.binaryCaches = lib.mkForce [ ];
+          nix.settings.substituters = lib.mkForce [ ];
           programs.ssh.extraConfig = "ConnectTimeout 30";
         };
     };

tests/setuid.nix

@@ -13,9 +13,9 @@ makeTest {
   nodes.machine =
     { config, lib, pkgs, ... }:
     { virtualisation.writableStore = true;
-      nix.binaryCaches = lib.mkForce [ ];
+      nix.settings.substituters = lib.mkForce [ ];
       nix.nixPath = [ "nixpkgs=${lib.cleanSource pkgs.path}" ];
-      virtualisation.additionalPaths = [ pkgs.stdenv pkgs.pkgsi686Linux.stdenv ];
+      virtualisation.additionalPaths = [ pkgs.stdenvNoCC pkgs.pkgsi686Linux.stdenvNoCC ];
     };
 
   testScript = { nodes }: ''

tests/sourcehut-flakes.nix

@@ -108,7 +108,7 @@ makeTest (
             virtualisation.diskSize = 2048;
             virtualisation.additionalPaths = [ pkgs.hello pkgs.fuse ];
             virtualisation.memorySize = 4096;
-            nix.binaryCaches = lib.mkForce [ ];
+            nix.settings.substituters = lib.mkForce [ ];
             nix.extraOptions = ''
               experimental-features = nix-command flakes
               flake-registry = https://git.sr.ht/~NixOS/flake-registry/blob/master/flake-registry.json

tests/why-depends.sh

@@ -6,6 +6,9 @@ cp ./dependencies.nix ./dependencies.builder0.sh ./config.nix $TEST_HOME
 
 cd $TEST_HOME
 
+nix why-depends --derivation --file ./dependencies.nix input2_drv input1_drv
+nix why-depends --file ./dependencies.nix input2_drv input1_drv
+
 nix-build ./dependencies.nix -A input0_drv -o dep
 nix-build ./dependencies.nix -o toplevel