1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-07-02 21:51:50 +02:00

Merge remote-tracking branch 'upstream/master' into ca-drv-exotic

This commit is contained in:
John Ericson 2023-04-17 10:16:57 -04:00
commit e12efa3654
246 changed files with 5067 additions and 1911 deletions

View file

@ -3,7 +3,7 @@
source common.sh
drv=$(nix-instantiate ./content-addressed.nix -A rootCA --arg seed 1)
nix show-derivation "$drv" --arg seed 1
nix derivation show "$drv" --arg seed 1
buildAttr () {
local derivationPath=$1

View file

@ -0,0 +1,26 @@
source common.sh
export NIX_TESTS_CA_BY_DEFAULT=1
drvPath=$(nix-instantiate ../simple.nix)
nix derivation show $drvPath | jq .[] > $TEST_HOME/simple.json
drvPath2=$(nix derivation add < $TEST_HOME/simple.json)
[[ "$drvPath" = "$drvPath2" ]]
# Content-addressed derivations can be renamed.
jq '.name = "foo"' < $TEST_HOME/simple.json > $TEST_HOME/foo.json
drvPath3=$(nix derivation add --dry-run < $TEST_HOME/foo.json)
# With --dry-run nothing is actually written
[[ ! -e "$drvPath3" ]]
# Without --dry-run it is actually written
drvPath4=$(nix derivation add < $TEST_HOME/foo.json)
[[ "$drvPath4" = "$drvPath3" ]]
[[ -e "$drvPath3" ]]
# The modified derivation read back as JSON matches
nix derivation show $drvPath3 | jq .[] > $TEST_HOME/foo-read.json
diff $TEST_HOME/foo.json $TEST_HOME/foo-read.json

12
tests/derivation-json.sh Normal file
View file

@ -0,0 +1,12 @@
source common.sh
drvPath=$(nix-instantiate simple.nix)
nix derivation show $drvPath | jq .[] > $TEST_HOME/simple.json
drvPath2=$(nix derivation add < $TEST_HOME/simple.json)
[[ "$drvPath" = "$drvPath2" ]]
# Input addressed derivations cannot be renamed.
jq '.name = "foo"' < $TEST_HOME/simple.json | expectStderr 1 nix derivation add | grepQuiet "has incorrect output"

View file

@ -1,23 +1,42 @@
source common.sh
# Without flakes, flake options should not show up
# With flakes, flake options should show up
function both_ways {
nix --experimental-features 'nix-command' "$@" | grepQuietInverse flake
nix --experimental-features 'nix-command flakes' "$@" | grepQuiet flake
# Also, the order should not matter
nix "$@" --experimental-features 'nix-command' | grepQuietInverse flake
nix "$@" --experimental-features 'nix-command flakes' | grepQuiet flake
}
# Simple case, the configuration effects the running command
both_ways show-config
# Complicated case, earlier args effect later args
both_ways store gc --help
# Skipping these two for now, because we actually *do* want flags and
# config settings to always show up in the manual, just be marked
# experimental. Will reenable once the manual generation takes advantage
# of the JSON metadata on this.
#
# # Without flakes, flake options should not show up
# # With flakes, flake options should show up
#
# function grep_both_ways {
# nix --experimental-features 'nix-command' "$@" | grepQuietInverse flake
# nix --experimental-features 'nix-command flakes' "$@" | grepQuiet flake
#
# # Also, the order should not matter
# nix "$@" --experimental-features 'nix-command' | grepQuietInverse flake
# nix "$@" --experimental-features 'nix-command flakes' | grepQuiet flake
# }
#
# # Simple case, the configuration effects the running command
# grep_both_ways show-config
#
# # Medium case, the configuration effects --help
# grep_both_ways store gc --help
expect 1 nix --experimental-features 'nix-command' show-config --flake-registry 'https://no'
nix --experimental-features 'nix-command flakes' show-config --flake-registry 'https://no'
# Double check these are stable
nix --experimental-features '' --help
nix --experimental-features '' doctor --help
nix --experimental-features '' repl --help
nix --experimental-features '' upgrade-nix --help
# These 3 arguments are currently given to all commands, which is wrong (as not
# all care). To deal with fixing later, we simply make them require the
# nix-command experimental features --- it so happens that the commands we wish
# stabilizing to do not need them anyways.
for arg in '--print-build-logs' '--offline' '--refresh'; do
nix --experimental-features 'nix-command' "$arg" --help
! nix --experimental-features '' "$arg" --help
done

View file

@ -96,7 +96,9 @@ json=$(nix flake metadata flake1 --json | jq .)
hash1=$(echo "$json" | jq -r .revision)
echo -n '# foo' >> $flake1Dir/flake.nix
flake1OriginalCommit=$(git -C $flake1Dir rev-parse HEAD)
git -C $flake1Dir commit -a -m 'Foo'
flake1NewCommit=$(git -C $flake1Dir rev-parse HEAD)
hash2=$(nix flake metadata flake1 --json --refresh | jq -r .revision)
[[ $hash1 != $hash2 ]]
@ -491,3 +493,14 @@ nix store delete $(nix store add-path $badFlakeDir)
[[ $(nix-instantiate --eval flake:git+file://$flake3Dir -A x) = 123 ]]
[[ $(nix-instantiate -I flake3=flake:flake3 --eval '<flake3>' -A x) = 123 ]]
[[ $(NIX_PATH=flake3=flake:flake3 nix-instantiate --eval '<flake3>' -A x) = 123 ]]
# Test alternate lockfile paths.
nix flake lock $flake2Dir --output-lock-file $TEST_ROOT/flake2.lock
cmp $flake2Dir/flake.lock $TEST_ROOT/flake2.lock >/dev/null # lockfiles should be identical, since we're referencing flake2's original one
nix flake lock $flake2Dir --output-lock-file $TEST_ROOT/flake2-overridden.lock --override-input flake1 git+file://$flake1Dir?rev=$flake1OriginalCommit
expectStderr 1 cmp $flake2Dir/flake.lock $TEST_ROOT/flake2-overridden.lock
nix flake metadata $flake2Dir --reference-lock-file $TEST_ROOT/flake2-overridden.lock | grepQuiet $flake1OriginalCommit
# reference-lock-file can only be used if allow-dirty is set.
expectStderr 1 nix flake metadata $flake2Dir --no-allow-dirty --reference-lock-file $TEST_ROOT/flake2-overridden.lock

View file

@ -37,8 +37,8 @@ path4=$(nix build -L --no-link --json --file ./impure-derivations.nix impureOnIm
(! nix build -L --no-link --json --file ./impure-derivations.nix inputAddressed 2>&1) | grep 'depends on impure derivation'
drvPath=$(nix eval --json --file ./impure-derivations.nix impure.drvPath | jq -r .)
[[ $(nix show-derivation $drvPath | jq ".[\"$drvPath\"].outputs.out.impure") = true ]]
[[ $(nix show-derivation $drvPath | jq ".[\"$drvPath\"].outputs.stuff.impure") = true ]]
[[ $(nix derivation show $drvPath | jq ".[\"$drvPath\"].outputs.out.impure") = true ]]
[[ $(nix derivation show $drvPath | jq ".[\"$drvPath\"].outputs.stuff.impure") = true ]]
# Fixed-output derivations *can* depend on impure derivations.
path5=$(nix build -L --no-link --json --file ./impure-derivations.nix contentAddressed | jq -r .[].outputs.out)

View file

@ -17,7 +17,7 @@ let
script = ''
tar -xf ./nix.tar.xz
mv ./nix-* nix
./nix/install --no-daemon
./nix/install --no-daemon --no-channel-add
'';
};
@ -33,9 +33,9 @@ let
mockChannel = pkgs:
pkgs.runCommandNoCC "mock-channel" {} ''
mkdir nixexprs
mkdir $out
mkdir -p $out/channel
echo -n 'someContent' > nixexprs/someFile
tar cvf - nixexprs | bzip2 > $out/nixexprs.tar.bz2
tar cvf - nixexprs | bzip2 > $out/channel/nixexprs.tar.bz2
'';
disableSELinux = "sudo setenforce 0";
@ -198,7 +198,9 @@ let
$ssh "set -eux; $installScript"
echo "Copying the mock channel"
scp -r -P 20022 $ssh_opts ${mockChannel pkgs} vagrant@localhost:channel
# `scp -r` doesn't seem to work properly on some rhel instances, so let's
# use a plain tarpipe instead
tar -C ${mockChannel pkgs} -c channel | ssh -p 20022 $ssh_opts vagrant@localhost tar x -f-
echo "Testing Nix installation..."
$ssh <<EOF

View file

@ -5,12 +5,19 @@ export NIX_REMOTE=dummy://
export NIX_STORE_DIR=/nix/store
nix-instantiate --eval -E 'builtins.trace "Hello" 123' 2>&1 | grepQuiet Hello
nix-instantiate --eval -E 'builtins.trace "Hello" 123' 2>/dev/null | grepQuiet 123
nix-instantiate --eval -E 'builtins.addErrorContext "Hello" 123' 2>&1
nix-instantiate --trace-verbose --eval -E 'builtins.traceVerbose "Hello" 123' 2>&1 | grepQuiet Hello
nix-instantiate --eval -E 'builtins.traceVerbose "Hello" 123' 2>&1 | grepQuietInverse Hello
nix-instantiate --show-trace --eval -E 'builtins.addErrorContext "Hello" 123' 2>&1 | grepQuietInverse Hello
expectStderr 1 nix-instantiate --show-trace --eval -E 'builtins.addErrorContext "Hello" (throw "Foo")' | grepQuiet Hello
nix-instantiate --eval -E 'let x = builtins.trace { x = x; } true; in x' \
2>&1 | grepQuiet -E 'trace: { x = «potential infinite recursion»; }'
nix-instantiate --eval -E 'let x = { repeating = x; tracing = builtins.trace x true; }; in x.tracing'\
2>&1 | grepQuiet -F 'trace: { repeating = «repeated»; tracing = «potential infinite recursion»; }'
set +x
fail=0

View file

@ -0,0 +1,4 @@
source common.sh
# Check that store ping trusted doesn't yet work with ssh://
nix --store ssh://localhost?remote-store=$TEST_ROOT/other-store store ping --json | jq -e 'has("trusted") | not'

View file

@ -17,3 +17,6 @@ PATH2=$(nix path-info --store "$PWD/x" $CORRECT_PATH)
PATH3=$(nix path-info --store "local?root=$PWD/x" $CORRECT_PATH)
[ $CORRECT_PATH == $PATH3 ]
# Ensure store ping trusted works with local store
nix --store ./x store ping --json | jq -e '.trusted'

View file

@ -17,6 +17,7 @@ nix_tests = \
ca/gc.sh \
gc.sh \
remote-store.sh \
legacy-ssh-store.sh \
lang.sh \
experimental-features.sh \
fetchMercurial.sh \
@ -101,6 +102,8 @@ nix_tests = \
eval-store.sh \
why-depends.sh \
ca/why-depends.sh \
derivation-json.sh \
ca/derivation-json.sh \
import-derivation.sh \
ca/import-derivation.sh \
ca/text-hashed-output.sh \

View file

@ -144,6 +144,7 @@ expect 1 nix profile install $flake2Dir
diff -u <(
nix --offline profile install $flake2Dir 2>&1 1> /dev/null \
| grep -vE "^warning: " \
| grep -vE "^error \(ignored\): " \
|| true
) <(cat << EOF
error: An existing package already provides the following file:

85
tests/nixos/nix-copy.nix Normal file
View file

@ -0,0 +1,85 @@
# Test that nix copy works over ssh.
{ lib, config, nixpkgs, hostPkgs, ... }:
let
pkgs = config.nodes.client.nixpkgs.pkgs;
pkgA = pkgs.cowsay;
pkgB = pkgs.wget;
pkgC = pkgs.hello;
pkgD = pkgs.tmux;
in {
name = "nix-copy";
enableOCR = true;
nodes =
{ client =
{ config, lib, pkgs, ... }:
{ virtualisation.writableStore = true;
virtualisation.additionalPaths = [ pkgA pkgD.drvPath ];
nix.settings.substituters = lib.mkForce [ ];
nix.settings.experimental-features = [ "nix-command" ];
services.getty.autologinUser = "root";
};
server =
{ config, pkgs, ... }:
{ services.openssh.enable = true;
services.openssh.permitRootLogin = "yes";
users.users.root.password = "foobar";
virtualisation.writableStore = true;
virtualisation.additionalPaths = [ pkgB pkgC ];
};
};
testScript = { nodes }: ''
# fmt: off
import subprocess
# Create an SSH key on the client.
subprocess.run([
"${pkgs.openssh}/bin/ssh-keygen", "-t", "ed25519", "-f", "key", "-N", ""
], capture_output=True, check=True)
start_all()
server.wait_for_unit("sshd")
client.wait_for_unit("network.target")
client.wait_for_unit("getty@tty1.service")
client.wait_for_text("]#")
# Copy the closure of package A from the client to the server using password authentication,
# and check that all prompts are visible
server.fail("nix-store --check-validity ${pkgA}")
client.send_chars("nix copy --to ssh://server ${pkgA} >&2; echo done\n")
client.wait_for_text("continue connecting")
client.send_chars("yes\n")
client.wait_for_text("Password:")
client.send_chars("foobar\n")
client.wait_for_text("done")
server.succeed("nix-store --check-validity ${pkgA}")
client.copy_from_host("key", "/root/.ssh/id_ed25519")
client.succeed("chmod 600 /root/.ssh/id_ed25519")
# Install the SSH key on the server.
server.copy_from_host("key.pub", "/root/.ssh/authorized_keys")
server.succeed("systemctl restart sshd")
client.succeed(f"ssh -o StrictHostKeyChecking=no {server.name} 'echo hello world'")
# Copy the closure of package B from the server to the client, using ssh-ng.
client.fail("nix-store --check-validity ${pkgB}")
# Shouldn't download untrusted paths by default
client.fail("nix copy --from ssh-ng://server ${pkgB} >&2")
client.succeed("nix copy --no-check-sigs --from ssh-ng://server ${pkgB} >&2")
client.succeed("nix-store --check-validity ${pkgB}")
# Copy the derivation of package D's derivation from the client to the server.
server.fail("nix-store --check-validity ${pkgD.drvPath}")
client.succeed("nix copy --derivation --to ssh://server ${pkgD.drvPath} >&2")
server.succeed("nix-store --check-validity ${pkgD.drvPath}")
'';
}

View file

@ -5,8 +5,19 @@ clearStore
# Ensure "fake ssh" remote store works just as legacy fake ssh would.
nix --store ssh-ng://localhost?remote-store=$TEST_ROOT/other-store doctor
# Ensure that store ping trusted works with ssh-ng://
nix --store ssh-ng://localhost?remote-store=$TEST_ROOT/other-store store ping --json | jq -e '.trusted'
startDaemon
if isDaemonNewer "2.15pre0"; then
# Ensure that ping works trusted with new daemon
nix store ping --json | jq -e '.trusted'
else
# And the the field is absent with the old daemon
nix store ping --json | jq -e 'has("trusted") | not'
fi
# Test import-from-derivation through the daemon.
[[ $(nix eval --impure --raw --expr '
with import ./config.nix;

View file

@ -79,6 +79,14 @@ testReplResponse '
"result: ${a}"
' "result: 2"
# check dollar escaping https://github.com/NixOS/nix/issues/4909
# note the escaped \,
# \\
# because the second argument is a regex
testReplResponse '
"$" + "{hi}"
' '"\\${hi}"'
testReplResponse '
drvPath
' '".*-simple.drv"' \