mirror of
https://github.com/NixOS/nix
synced 2025-07-02 21:51:50 +02:00
Merge remote-tracking branch 'upstream/master' into ca-drv-exotic
This commit is contained in:
commit
e12efa3654
246 changed files with 5067 additions and 1911 deletions
|
@ -3,7 +3,7 @@
|
|||
source common.sh
|
||||
|
||||
drv=$(nix-instantiate ./content-addressed.nix -A rootCA --arg seed 1)
|
||||
nix show-derivation "$drv" --arg seed 1
|
||||
nix derivation show "$drv" --arg seed 1
|
||||
|
||||
buildAttr () {
|
||||
local derivationPath=$1
|
||||
|
|
26
tests/ca/derivation-json.sh
Normal file
26
tests/ca/derivation-json.sh
Normal file
|
@ -0,0 +1,26 @@
|
|||
source common.sh
|
||||
|
||||
export NIX_TESTS_CA_BY_DEFAULT=1
|
||||
|
||||
drvPath=$(nix-instantiate ../simple.nix)
|
||||
|
||||
nix derivation show $drvPath | jq .[] > $TEST_HOME/simple.json
|
||||
|
||||
drvPath2=$(nix derivation add < $TEST_HOME/simple.json)
|
||||
|
||||
[[ "$drvPath" = "$drvPath2" ]]
|
||||
|
||||
# Content-addressed derivations can be renamed.
|
||||
jq '.name = "foo"' < $TEST_HOME/simple.json > $TEST_HOME/foo.json
|
||||
drvPath3=$(nix derivation add --dry-run < $TEST_HOME/foo.json)
|
||||
# With --dry-run nothing is actually written
|
||||
[[ ! -e "$drvPath3" ]]
|
||||
|
||||
# Without --dry-run it is actually written
|
||||
drvPath4=$(nix derivation add < $TEST_HOME/foo.json)
|
||||
[[ "$drvPath4" = "$drvPath3" ]]
|
||||
[[ -e "$drvPath3" ]]
|
||||
|
||||
# The modified derivation read back as JSON matches
|
||||
nix derivation show $drvPath3 | jq .[] > $TEST_HOME/foo-read.json
|
||||
diff $TEST_HOME/foo.json $TEST_HOME/foo-read.json
|
12
tests/derivation-json.sh
Normal file
12
tests/derivation-json.sh
Normal file
|
@ -0,0 +1,12 @@
|
|||
source common.sh
|
||||
|
||||
drvPath=$(nix-instantiate simple.nix)
|
||||
|
||||
nix derivation show $drvPath | jq .[] > $TEST_HOME/simple.json
|
||||
|
||||
drvPath2=$(nix derivation add < $TEST_HOME/simple.json)
|
||||
|
||||
[[ "$drvPath" = "$drvPath2" ]]
|
||||
|
||||
# Input addressed derivations cannot be renamed.
|
||||
jq '.name = "foo"' < $TEST_HOME/simple.json | expectStderr 1 nix derivation add | grepQuiet "has incorrect output"
|
|
@ -1,23 +1,42 @@
|
|||
source common.sh
|
||||
|
||||
# Without flakes, flake options should not show up
|
||||
# With flakes, flake options should show up
|
||||
|
||||
function both_ways {
|
||||
nix --experimental-features 'nix-command' "$@" | grepQuietInverse flake
|
||||
nix --experimental-features 'nix-command flakes' "$@" | grepQuiet flake
|
||||
|
||||
# Also, the order should not matter
|
||||
nix "$@" --experimental-features 'nix-command' | grepQuietInverse flake
|
||||
nix "$@" --experimental-features 'nix-command flakes' | grepQuiet flake
|
||||
}
|
||||
|
||||
# Simple case, the configuration effects the running command
|
||||
both_ways show-config
|
||||
|
||||
# Complicated case, earlier args effect later args
|
||||
|
||||
both_ways store gc --help
|
||||
# Skipping these two for now, because we actually *do* want flags and
|
||||
# config settings to always show up in the manual, just be marked
|
||||
# experimental. Will reenable once the manual generation takes advantage
|
||||
# of the JSON metadata on this.
|
||||
#
|
||||
# # Without flakes, flake options should not show up
|
||||
# # With flakes, flake options should show up
|
||||
#
|
||||
# function grep_both_ways {
|
||||
# nix --experimental-features 'nix-command' "$@" | grepQuietInverse flake
|
||||
# nix --experimental-features 'nix-command flakes' "$@" | grepQuiet flake
|
||||
#
|
||||
# # Also, the order should not matter
|
||||
# nix "$@" --experimental-features 'nix-command' | grepQuietInverse flake
|
||||
# nix "$@" --experimental-features 'nix-command flakes' | grepQuiet flake
|
||||
# }
|
||||
#
|
||||
# # Simple case, the configuration effects the running command
|
||||
# grep_both_ways show-config
|
||||
#
|
||||
# # Medium case, the configuration effects --help
|
||||
# grep_both_ways store gc --help
|
||||
|
||||
expect 1 nix --experimental-features 'nix-command' show-config --flake-registry 'https://no'
|
||||
nix --experimental-features 'nix-command flakes' show-config --flake-registry 'https://no'
|
||||
|
||||
# Double check these are stable
|
||||
nix --experimental-features '' --help
|
||||
nix --experimental-features '' doctor --help
|
||||
nix --experimental-features '' repl --help
|
||||
nix --experimental-features '' upgrade-nix --help
|
||||
|
||||
# These 3 arguments are currently given to all commands, which is wrong (as not
|
||||
# all care). To deal with fixing later, we simply make them require the
|
||||
# nix-command experimental features --- it so happens that the commands we wish
|
||||
# stabilizing to do not need them anyways.
|
||||
for arg in '--print-build-logs' '--offline' '--refresh'; do
|
||||
nix --experimental-features 'nix-command' "$arg" --help
|
||||
! nix --experimental-features '' "$arg" --help
|
||||
done
|
||||
|
|
|
@ -96,7 +96,9 @@ json=$(nix flake metadata flake1 --json | jq .)
|
|||
hash1=$(echo "$json" | jq -r .revision)
|
||||
|
||||
echo -n '# foo' >> $flake1Dir/flake.nix
|
||||
flake1OriginalCommit=$(git -C $flake1Dir rev-parse HEAD)
|
||||
git -C $flake1Dir commit -a -m 'Foo'
|
||||
flake1NewCommit=$(git -C $flake1Dir rev-parse HEAD)
|
||||
hash2=$(nix flake metadata flake1 --json --refresh | jq -r .revision)
|
||||
[[ $hash1 != $hash2 ]]
|
||||
|
||||
|
@ -491,3 +493,14 @@ nix store delete $(nix store add-path $badFlakeDir)
|
|||
[[ $(nix-instantiate --eval flake:git+file://$flake3Dir -A x) = 123 ]]
|
||||
[[ $(nix-instantiate -I flake3=flake:flake3 --eval '<flake3>' -A x) = 123 ]]
|
||||
[[ $(NIX_PATH=flake3=flake:flake3 nix-instantiate --eval '<flake3>' -A x) = 123 ]]
|
||||
|
||||
# Test alternate lockfile paths.
|
||||
nix flake lock $flake2Dir --output-lock-file $TEST_ROOT/flake2.lock
|
||||
cmp $flake2Dir/flake.lock $TEST_ROOT/flake2.lock >/dev/null # lockfiles should be identical, since we're referencing flake2's original one
|
||||
|
||||
nix flake lock $flake2Dir --output-lock-file $TEST_ROOT/flake2-overridden.lock --override-input flake1 git+file://$flake1Dir?rev=$flake1OriginalCommit
|
||||
expectStderr 1 cmp $flake2Dir/flake.lock $TEST_ROOT/flake2-overridden.lock
|
||||
nix flake metadata $flake2Dir --reference-lock-file $TEST_ROOT/flake2-overridden.lock | grepQuiet $flake1OriginalCommit
|
||||
|
||||
# reference-lock-file can only be used if allow-dirty is set.
|
||||
expectStderr 1 nix flake metadata $flake2Dir --no-allow-dirty --reference-lock-file $TEST_ROOT/flake2-overridden.lock
|
||||
|
|
|
@ -37,8 +37,8 @@ path4=$(nix build -L --no-link --json --file ./impure-derivations.nix impureOnIm
|
|||
(! nix build -L --no-link --json --file ./impure-derivations.nix inputAddressed 2>&1) | grep 'depends on impure derivation'
|
||||
|
||||
drvPath=$(nix eval --json --file ./impure-derivations.nix impure.drvPath | jq -r .)
|
||||
[[ $(nix show-derivation $drvPath | jq ".[\"$drvPath\"].outputs.out.impure") = true ]]
|
||||
[[ $(nix show-derivation $drvPath | jq ".[\"$drvPath\"].outputs.stuff.impure") = true ]]
|
||||
[[ $(nix derivation show $drvPath | jq ".[\"$drvPath\"].outputs.out.impure") = true ]]
|
||||
[[ $(nix derivation show $drvPath | jq ".[\"$drvPath\"].outputs.stuff.impure") = true ]]
|
||||
|
||||
# Fixed-output derivations *can* depend on impure derivations.
|
||||
path5=$(nix build -L --no-link --json --file ./impure-derivations.nix contentAddressed | jq -r .[].outputs.out)
|
||||
|
|
|
@ -17,7 +17,7 @@ let
|
|||
script = ''
|
||||
tar -xf ./nix.tar.xz
|
||||
mv ./nix-* nix
|
||||
./nix/install --no-daemon
|
||||
./nix/install --no-daemon --no-channel-add
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -33,9 +33,9 @@ let
|
|||
mockChannel = pkgs:
|
||||
pkgs.runCommandNoCC "mock-channel" {} ''
|
||||
mkdir nixexprs
|
||||
mkdir $out
|
||||
mkdir -p $out/channel
|
||||
echo -n 'someContent' > nixexprs/someFile
|
||||
tar cvf - nixexprs | bzip2 > $out/nixexprs.tar.bz2
|
||||
tar cvf - nixexprs | bzip2 > $out/channel/nixexprs.tar.bz2
|
||||
'';
|
||||
|
||||
disableSELinux = "sudo setenforce 0";
|
||||
|
@ -198,7 +198,9 @@ let
|
|||
$ssh "set -eux; $installScript"
|
||||
|
||||
echo "Copying the mock channel"
|
||||
scp -r -P 20022 $ssh_opts ${mockChannel pkgs} vagrant@localhost:channel
|
||||
# `scp -r` doesn't seem to work properly on some rhel instances, so let's
|
||||
# use a plain tarpipe instead
|
||||
tar -C ${mockChannel pkgs} -c channel | ssh -p 20022 $ssh_opts vagrant@localhost tar x -f-
|
||||
|
||||
echo "Testing Nix installation..."
|
||||
$ssh <<EOF
|
||||
|
|
|
@ -5,12 +5,19 @@ export NIX_REMOTE=dummy://
|
|||
export NIX_STORE_DIR=/nix/store
|
||||
|
||||
nix-instantiate --eval -E 'builtins.trace "Hello" 123' 2>&1 | grepQuiet Hello
|
||||
nix-instantiate --eval -E 'builtins.trace "Hello" 123' 2>/dev/null | grepQuiet 123
|
||||
nix-instantiate --eval -E 'builtins.addErrorContext "Hello" 123' 2>&1
|
||||
nix-instantiate --trace-verbose --eval -E 'builtins.traceVerbose "Hello" 123' 2>&1 | grepQuiet Hello
|
||||
nix-instantiate --eval -E 'builtins.traceVerbose "Hello" 123' 2>&1 | grepQuietInverse Hello
|
||||
nix-instantiate --show-trace --eval -E 'builtins.addErrorContext "Hello" 123' 2>&1 | grepQuietInverse Hello
|
||||
expectStderr 1 nix-instantiate --show-trace --eval -E 'builtins.addErrorContext "Hello" (throw "Foo")' | grepQuiet Hello
|
||||
|
||||
nix-instantiate --eval -E 'let x = builtins.trace { x = x; } true; in x' \
|
||||
2>&1 | grepQuiet -E 'trace: { x = «potential infinite recursion»; }'
|
||||
|
||||
nix-instantiate --eval -E 'let x = { repeating = x; tracing = builtins.trace x true; }; in x.tracing'\
|
||||
2>&1 | grepQuiet -F 'trace: { repeating = «repeated»; tracing = «potential infinite recursion»; }'
|
||||
|
||||
set +x
|
||||
|
||||
fail=0
|
||||
|
|
4
tests/legacy-ssh-store.sh
Normal file
4
tests/legacy-ssh-store.sh
Normal file
|
@ -0,0 +1,4 @@
|
|||
source common.sh
|
||||
|
||||
# Check that store ping trusted doesn't yet work with ssh://
|
||||
nix --store ssh://localhost?remote-store=$TEST_ROOT/other-store store ping --json | jq -e 'has("trusted") | not'
|
|
@ -17,3 +17,6 @@ PATH2=$(nix path-info --store "$PWD/x" $CORRECT_PATH)
|
|||
|
||||
PATH3=$(nix path-info --store "local?root=$PWD/x" $CORRECT_PATH)
|
||||
[ $CORRECT_PATH == $PATH3 ]
|
||||
|
||||
# Ensure store ping trusted works with local store
|
||||
nix --store ./x store ping --json | jq -e '.trusted'
|
||||
|
|
|
@ -17,6 +17,7 @@ nix_tests = \
|
|||
ca/gc.sh \
|
||||
gc.sh \
|
||||
remote-store.sh \
|
||||
legacy-ssh-store.sh \
|
||||
lang.sh \
|
||||
experimental-features.sh \
|
||||
fetchMercurial.sh \
|
||||
|
@ -101,6 +102,8 @@ nix_tests = \
|
|||
eval-store.sh \
|
||||
why-depends.sh \
|
||||
ca/why-depends.sh \
|
||||
derivation-json.sh \
|
||||
ca/derivation-json.sh \
|
||||
import-derivation.sh \
|
||||
ca/import-derivation.sh \
|
||||
ca/text-hashed-output.sh \
|
||||
|
|
|
@ -144,6 +144,7 @@ expect 1 nix profile install $flake2Dir
|
|||
diff -u <(
|
||||
nix --offline profile install $flake2Dir 2>&1 1> /dev/null \
|
||||
| grep -vE "^warning: " \
|
||||
| grep -vE "^error \(ignored\): " \
|
||||
|| true
|
||||
) <(cat << EOF
|
||||
error: An existing package already provides the following file:
|
||||
|
|
85
tests/nixos/nix-copy.nix
Normal file
85
tests/nixos/nix-copy.nix
Normal file
|
@ -0,0 +1,85 @@
|
|||
# Test that ‘nix copy’ works over ssh.
|
||||
|
||||
{ lib, config, nixpkgs, hostPkgs, ... }:
|
||||
|
||||
let
|
||||
pkgs = config.nodes.client.nixpkgs.pkgs;
|
||||
|
||||
pkgA = pkgs.cowsay;
|
||||
pkgB = pkgs.wget;
|
||||
pkgC = pkgs.hello;
|
||||
pkgD = pkgs.tmux;
|
||||
|
||||
in {
|
||||
name = "nix-copy";
|
||||
|
||||
enableOCR = true;
|
||||
|
||||
nodes =
|
||||
{ client =
|
||||
{ config, lib, pkgs, ... }:
|
||||
{ virtualisation.writableStore = true;
|
||||
virtualisation.additionalPaths = [ pkgA pkgD.drvPath ];
|
||||
nix.settings.substituters = lib.mkForce [ ];
|
||||
nix.settings.experimental-features = [ "nix-command" ];
|
||||
services.getty.autologinUser = "root";
|
||||
};
|
||||
|
||||
server =
|
||||
{ config, pkgs, ... }:
|
||||
{ services.openssh.enable = true;
|
||||
services.openssh.permitRootLogin = "yes";
|
||||
users.users.root.password = "foobar";
|
||||
virtualisation.writableStore = true;
|
||||
virtualisation.additionalPaths = [ pkgB pkgC ];
|
||||
};
|
||||
};
|
||||
|
||||
testScript = { nodes }: ''
|
||||
# fmt: off
|
||||
import subprocess
|
||||
|
||||
# Create an SSH key on the client.
|
||||
subprocess.run([
|
||||
"${pkgs.openssh}/bin/ssh-keygen", "-t", "ed25519", "-f", "key", "-N", ""
|
||||
], capture_output=True, check=True)
|
||||
|
||||
start_all()
|
||||
|
||||
server.wait_for_unit("sshd")
|
||||
client.wait_for_unit("network.target")
|
||||
client.wait_for_unit("getty@tty1.service")
|
||||
client.wait_for_text("]#")
|
||||
|
||||
# Copy the closure of package A from the client to the server using password authentication,
|
||||
# and check that all prompts are visible
|
||||
server.fail("nix-store --check-validity ${pkgA}")
|
||||
client.send_chars("nix copy --to ssh://server ${pkgA} >&2; echo done\n")
|
||||
client.wait_for_text("continue connecting")
|
||||
client.send_chars("yes\n")
|
||||
client.wait_for_text("Password:")
|
||||
client.send_chars("foobar\n")
|
||||
client.wait_for_text("done")
|
||||
server.succeed("nix-store --check-validity ${pkgA}")
|
||||
|
||||
client.copy_from_host("key", "/root/.ssh/id_ed25519")
|
||||
client.succeed("chmod 600 /root/.ssh/id_ed25519")
|
||||
|
||||
# Install the SSH key on the server.
|
||||
server.copy_from_host("key.pub", "/root/.ssh/authorized_keys")
|
||||
server.succeed("systemctl restart sshd")
|
||||
client.succeed(f"ssh -o StrictHostKeyChecking=no {server.name} 'echo hello world'")
|
||||
|
||||
# Copy the closure of package B from the server to the client, using ssh-ng.
|
||||
client.fail("nix-store --check-validity ${pkgB}")
|
||||
# Shouldn't download untrusted paths by default
|
||||
client.fail("nix copy --from ssh-ng://server ${pkgB} >&2")
|
||||
client.succeed("nix copy --no-check-sigs --from ssh-ng://server ${pkgB} >&2")
|
||||
client.succeed("nix-store --check-validity ${pkgB}")
|
||||
|
||||
# Copy the derivation of package D's derivation from the client to the server.
|
||||
server.fail("nix-store --check-validity ${pkgD.drvPath}")
|
||||
client.succeed("nix copy --derivation --to ssh://server ${pkgD.drvPath} >&2")
|
||||
server.succeed("nix-store --check-validity ${pkgD.drvPath}")
|
||||
'';
|
||||
}
|
|
@ -5,8 +5,19 @@ clearStore
|
|||
# Ensure "fake ssh" remote store works just as legacy fake ssh would.
|
||||
nix --store ssh-ng://localhost?remote-store=$TEST_ROOT/other-store doctor
|
||||
|
||||
# Ensure that store ping trusted works with ssh-ng://
|
||||
nix --store ssh-ng://localhost?remote-store=$TEST_ROOT/other-store store ping --json | jq -e '.trusted'
|
||||
|
||||
startDaemon
|
||||
|
||||
if isDaemonNewer "2.15pre0"; then
|
||||
# Ensure that ping works trusted with new daemon
|
||||
nix store ping --json | jq -e '.trusted'
|
||||
else
|
||||
# And the the field is absent with the old daemon
|
||||
nix store ping --json | jq -e 'has("trusted") | not'
|
||||
fi
|
||||
|
||||
# Test import-from-derivation through the daemon.
|
||||
[[ $(nix eval --impure --raw --expr '
|
||||
with import ./config.nix;
|
||||
|
|
|
@ -79,6 +79,14 @@ testReplResponse '
|
|||
"result: ${a}"
|
||||
' "result: 2"
|
||||
|
||||
# check dollar escaping https://github.com/NixOS/nix/issues/4909
|
||||
# note the escaped \,
|
||||
# \\
|
||||
# because the second argument is a regex
|
||||
testReplResponse '
|
||||
"$" + "{hi}"
|
||||
' '"\\${hi}"'
|
||||
|
||||
testReplResponse '
|
||||
drvPath
|
||||
' '".*-simple.drv"' \
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue