Merge branch 'read-only-local-store' into overlayfs-store

2025-07-10 04:43:53 +02:00 · 2023-06-19 16:12:04 +01:00 · 2023-06-19 16:12:04 +01:00 · 71f3bad749
commit 71f3bad749
parent 04d8f202a7 4e72b8483e
79 changed files with 1152 additions and 367 deletions
--- a/tests/build.sh
+++ b/tests/build.sh
@ -129,3 +129,7 @@ nix build --impure -f multiple-outputs.nix --json e --no-link | jq --exit-status
    (.drvPath | match(".*multiple-outputs-e.drv")) and
    (.outputs | keys == ["a_a", "b"]))
 '
+
+# Make sure that `--stdin` works and does not apply any defaults
+printf "" | nix build --no-link --stdin --json | jq --exit-status '. == []'
+printf "%s\n" "$drv^*" | nix build --no-link --stdin --json | jq --exit-status '.[0]|has("drvPath")'
--- a/tests/fetchClosure.sh
+++ b/tests/fetchClosure.sh
@ -5,6 +5,12 @@ enableFeatures "fetch-closure"
 clearStore
 clearCacheCache

+# Old daemons don't properly zero out the self-references when
+# calculating the CA hashes, so this breaks `nix store
+# make-content-addressed` which expects the client and the daemon to
+# compute the same hash
+requireDaemonNewerThan "2.16.0pre20230524"
+
 # Initialize binary cache.
 nonCaPath=$(nix build --json --file ./dependencies.nix --no-link | jq -r .[].outputs.out)
 caPath=$(nix store make-content-addressed --json $nonCaPath | jq -r '.rewrites | map(.) | .[]')
--- a/tests/gc.sh
+++ b/tests/gc.sh
@ -50,31 +50,3 @@ if test -e $outPath/foobar; then false; fi
 # Check that the store is empty.
 rmdir $NIX_STORE_DIR/.links
 rmdir $NIX_STORE_DIR
-
-## Test `nix-collect-garbage -d`
-testCollectGarbageD () {
-    clearProfiles
-    # Run two `nix-env` commands, should create two generations of
-    # the profile
-    nix-env -f ./user-envs.nix -i foo-1.0
-    nix-env -f ./user-envs.nix -i foo-2.0pre1
-    [[ $(nix-env --list-generations | wc -l) -eq 2 ]]
-
-    # Clear the profile history. There should be only one generation
-    # left
-    nix-collect-garbage -d
-    [[ $(nix-env --list-generations | wc -l) -eq 1 ]]
-}
-# `nix-env` doesn't work with CA derivations, so let's ignore that bit if we're
-# using them
-if [[ -z "${NIX_TESTS_CA_BY_DEFAULT:-}" ]]; then
-    testCollectGarbageD
-
-    # Run the same test, but forcing the profiles at their legacy location under
-    # /nix/var/nix.
-    #
-    # Regression test for #8294
-    rm ~/.nix-profile
-    ln -s $NIX_STATE_DIR/profiles/per-user/me ~/.nix-profile
-    testCollectGarbageD
-fi
--- a/tests/lang/eval-fail-bad-string-interpolation-1.nix
+++ b/tests/lang/eval-fail-bad-string-interpolation-1.nix
--- a/tests/lang/eval-fail-bad-string-interpolation-2.nix
+++ b/tests/lang/eval-fail-bad-string-interpolation-2.nix
--- a/tests/lang/eval-fail-bad-string-interpolation-3.nix
+++ b/tests/lang/eval-fail-bad-string-interpolation-3.nix
--- a/tests/lang/eval-okay-path-string-interpolation.exp
+++ b/tests/lang/eval-okay-path-string-interpolation.exp
--- a/tests/lang/eval-okay-path-string-interpolation.nix
+++ b/tests/lang/eval-okay-path-string-interpolation.nix
--- a/tests/local.mk
+++ b/tests/local.mk
@ -16,6 +16,7 @@ nix_tests = \
  flakes/flake-in-submodule.sh \
  ca/gc.sh \
  gc.sh \
+  nix-collect-garbage-d.sh \
  remote-store.sh \
  legacy-ssh-store.sh \
  lang.sh \
@ -135,6 +136,7 @@ nix_tests = \
  flakes/show.sh \
  impure-derivations.sh \
  path-from-hash-part.sh \
+  test-libstoreconsumer.sh \
  toString-path.sh \
  read-only-store.sh

@ -154,6 +156,7 @@ test-deps += \
  tests/common/vars-and-functions.sh \
  tests/config.nix \
  tests/ca/config.nix \
+  tests/test-libstoreconsumer/test-libstoreconsumer \
  tests/dyn-drv/config.nix

 ifeq ($(BUILD_SHARED_LIBS), 1)
--- a/tests/nix-channel.sh
+++ b/tests/nix-channel.sh
@ -8,6 +8,7 @@ rm -f $TEST_HOME/.nix-channels $TEST_HOME/.nix-profile
 nix-channel --add http://foo/bar xyzzy
 nix-channel --list | grepQuiet http://foo/bar
 nix-channel --remove xyzzy
+[[ $(nix-channel --list-generations | wc -l) == 1 ]]

 [ -e $TEST_HOME/.nix-channels ]
 [ "$(cat $TEST_HOME/.nix-channels)" = '' ]
@ -38,6 +39,7 @@ ln -s dependencies.nix $TEST_ROOT/nixexprs/default.nix
 # Test the update action.
 nix-channel --add file://$TEST_ROOT/foo
 nix-channel --update
+[[ $(nix-channel --list-generations | wc -l) == 2 ]]

 # Do a query.
 nix-env -qa \* --meta --xml --out-path > $TEST_ROOT/meta.xml
--- a/tests/nix-collect-garbage-d.sh
+++ b/tests/nix-collect-garbage-d.sh
@ -0,0 +1,40 @@
+source common.sh
+
+clearStore
+
+## Test `nix-collect-garbage -d`
+
+# TODO make `nix-env` doesn't work with CA derivations, and make
+# `ca/nix-collect-garbage-d.sh` wrapper.
+
+testCollectGarbageD () {
+    clearProfiles
+    # Run two `nix-env` commands, should create two generations of
+    # the profile
+    nix-env -f ./user-envs.nix -i foo-1.0 "$@"
+    nix-env -f ./user-envs.nix -i foo-2.0pre1 "$@"
+    [[ $(nix-env --list-generations "$@" | wc -l) -eq 2 ]]
+
+    # Clear the profile history. There should be only one generation
+    # left
+    nix-collect-garbage -d
+    [[ $(nix-env --list-generations "$@" | wc -l) -eq 1 ]]
+}
+
+testCollectGarbageD
+
+# Run the same test, but forcing the profiles an arbitrary location.
+rm ~/.nix-profile
+ln -s $TEST_ROOT/blah ~/.nix-profile
+testCollectGarbageD
+
+# Run the same test, but forcing the profiles at their legacy location under
+# /nix/var/nix.
+#
+# Note that we *don't* use the default profile; `nix-collect-garbage` will
+# need to check the legacy conditional unconditionally not just follow
+# `~/.nix-profile` to pass this test.
+#
+# Regression test for #8294
+rm ~/.nix-profile
+testCollectGarbageD --profile "$NIX_STATE_DIR/profiles/per-user/me"
--- a/tests/nixos/tarball-flakes.nix
+++ b/tests/nixos/tarball-flakes.nix
@ -0,0 +1,84 @@
+{ lib, config, nixpkgs, ... }:
+
+let
+  pkgs = config.nodes.machine.nixpkgs.pkgs;
+
+  root = pkgs.runCommand "nixpkgs-flake" {}
+    ''
+      mkdir -p $out/stable
+
+      set -x
+      dir=nixpkgs-${nixpkgs.shortRev}
+      cp -prd ${nixpkgs} $dir
+      # Set the correct timestamp in the tarball.
+      find $dir -print0 | xargs -0 touch -t ${builtins.substring 0 12 nixpkgs.lastModifiedDate}.${builtins.substring 12 2 nixpkgs.lastModifiedDate} --
+      tar cfz $out/stable/${nixpkgs.rev}.tar.gz $dir --hard-dereference
+
+      echo 'Redirect "/latest.tar.gz" "/stable/${nixpkgs.rev}.tar.gz"' > $out/.htaccess
+
+      echo 'Header set Link "<http://localhost/stable/${nixpkgs.rev}.tar.gz?rev=${nixpkgs.rev}&revCount=1234>; rel=\"immutable\""' > $out/stable/.htaccess
+    '';
+in
+
+{
+  name = "tarball-flakes";
+
+  nodes =
+    {
+      machine =
+        { config, pkgs, ... }:
+        { networking.firewall.allowedTCPPorts = [ 80 ];
+
+          services.httpd.enable = true;
+          services.httpd.adminAddr = "foo@example.org";
+          services.httpd.extraConfig = ''
+            ErrorLog syslog:local6
+          '';
+          services.httpd.virtualHosts."localhost" =
+            { servedDirs =
+                [ { urlPath = "/";
+                    dir = root;
+                  }
+                ];
+            };
+
+          virtualisation.writableStore = true;
+          virtualisation.diskSize = 2048;
+          virtualisation.additionalPaths = [ pkgs.hello pkgs.fuse ];
+          virtualisation.memorySize = 4096;
+          nix.settings.substituters = lib.mkForce [ ];
+          nix.extraOptions = "experimental-features = nix-command flakes";
+        };
+    };
+
+  testScript = { nodes }: ''
+    # fmt: off
+    import json
+
+    start_all()
+
+    machine.wait_for_unit("httpd.service")
+
+    out = machine.succeed("nix flake metadata --json http://localhost/latest.tar.gz")
+    print(out)
+    info = json.loads(out)
+
+    # Check that we got redirected to the immutable URL.
+    assert info["locked"]["url"] == "http://localhost/stable/${nixpkgs.rev}.tar.gz"
+
+    # Check that we got the rev and revCount attributes.
+    assert info["revision"] == "${nixpkgs.rev}"
+    assert info["revCount"] == 1234
+
+    # Check that fetching with rev/revCount/narHash succeeds.
+    machine.succeed("nix flake metadata --json http://localhost/latest.tar.gz?rev=" + info["revision"])
+    machine.succeed("nix flake metadata --json http://localhost/latest.tar.gz?revCount=" + str(info["revCount"]))
+    machine.succeed("nix flake metadata --json http://localhost/latest.tar.gz?narHash=" + info["locked"]["narHash"])
+
+    # Check that fetching fails if we provide incorrect attributes.
+    machine.fail("nix flake metadata --json http://localhost/latest.tar.gz?rev=493300eb13ae6fb387fbd47bf54a85915acc31c0")
+    machine.fail("nix flake metadata --json http://localhost/latest.tar.gz?revCount=789")
+    machine.fail("nix flake metadata --json http://localhost/latest.tar.gz?narHash=sha256-tbudgBSg+bHWHiHnlteNzN8TUvI80ygS9IULh4rklEw=")
+  '';
+
+}
--- a/tests/plugins/plugintest.cc
+++ b/tests/plugins/plugintest.cc
@ -21,4 +21,8 @@ static void prim_anotherNull (EvalState & state, const PosIdx pos, Value ** args
        v.mkBool(false);
 }

-static RegisterPrimOp rp("anotherNull", 0, prim_anotherNull);
+static RegisterPrimOp rp({
+    .name = "anotherNull",
+    .arity = 0,
+    .fun = prim_anotherNull,
+});
--- a/tests/test-libstoreconsumer.sh
+++ b/tests/test-libstoreconsumer.sh
@ -0,0 +1,6 @@
+source common.sh
+
+drv="$(nix-instantiate simple.nix)"
+cat "$drv"
+out="$(./test-libstoreconsumer/test-libstoreconsumer "$drv")"
+cat "$out/hello" | grep -F "Hello World!"
--- a/tests/test-libstoreconsumer/README.md
+++ b/tests/test-libstoreconsumer/README.md
@ -0,0 +1,6 @@
+
+A very simple C++ consumer of the libstore library.
+
+  - Keep it simple. Library consumers expect something simple.
+  - No build hook, or any other reinvocations.
+  - No more global state than necessary.
--- a/tests/test-libstoreconsumer/local.mk
+++ b/tests/test-libstoreconsumer/local.mk
@ -0,0 +1,12 @@
+programs += test-libstoreconsumer
+
+test-libstoreconsumer_DIR := $(d)
+
+test-libstoreconsumer_SOURCES := \
+  $(wildcard $(d)/*.cc) \
+
+test-libstoreconsumer_CXXFLAGS += -I src/libutil -I src/libstore
+
+test-libstoreconsumer_LIBS = libstore libutil
+
+test-libstoreconsumer_LDFLAGS = -pthread $(SODIUM_LIBS) $(EDITLINE_LIBS) $(BOOST_LDFLAGS) $(LOWDOWN_LIBS)
--- a/tests/test-libstoreconsumer/main.cc
+++ b/tests/test-libstoreconsumer/main.cc
@ -0,0 +1,45 @@
+#include "globals.hh"
+#include "store-api.hh"
+#include "build-result.hh"
+#include <iostream>
+
+using namespace nix;
+
+int main (int argc, char **argv)
+{
+    try {
+        if (argc != 2) {
+            std::cerr << "Usage: " << argv[0] << " store/path/to/something.drv\n";
+            return 1;
+        }
+
+        std::string drvPath = argv[1];
+
+        initLibStore();
+
+        auto store = nix::openStore();
+
+        // build the derivation
+
+        std::vector<DerivedPath> paths {
+            DerivedPath::Built {
+                .drvPath = store->parseStorePath(drvPath),
+                .outputs = OutputsSpec::Names{"out"}
+            }
+        };
+
+        const auto results = store->buildPathsWithResults(paths, bmNormal, store);
+
+        for (const auto & result : results) {
+            for (const auto & [outputName, realisation] : result.builtOutputs) {
+                std::cout << store->printStorePath(realisation.outPath) << "\n";
+            }
+        }
+
+        return 0;
+
+    } catch (const std::exception & e) {
+        std::cerr << "Error: " << e.what() << "\n";
+        return 1;
+    }
+}