Merge branch 'read-only-local-store' into overlayfs-store

2025-06-29 02:11:15 +02:00 · 2023-05-23 09:52:41 +01:00 · 2023-05-23 09:52:41 +01:00 · ff12cf3b94
commit ff12cf3b94
parent 4d69bd034a d6ea3b6a19
91 changed files with 975 additions and 545 deletions
--- a/tests/gc.sh
+++ b/tests/gc.sh
@ -52,9 +52,7 @@ rmdir $NIX_STORE_DIR/.links
 rmdir $NIX_STORE_DIR

 ## Test `nix-collect-garbage -d`
-# `nix-env` doesn't work with CA derivations, so let's ignore that bit if we're
-# using them
-if [[ -z "${NIX_TESTS_CA_BY_DEFAULT:-}" ]]; then
+testCollectGarbageD () {
    clearProfiles
    # Run two `nix-env` commands, should create two generations of
    # the profile
@ -66,4 +64,17 @@ if [[ -z "${NIX_TESTS_CA_BY_DEFAULT:-}" ]]; then
    # left
    nix-collect-garbage -d
    [[ $(nix-env --list-generations | wc -l) -eq 1 ]]
+}
+# `nix-env` doesn't work with CA derivations, so let's ignore that bit if we're
+# using them
+if [[ -z "${NIX_TESTS_CA_BY_DEFAULT:-}" ]]; then
+    testCollectGarbageD
+
+    # Run the same test, but forcing the profiles at their legacy location under
+    # /nix/var/nix.
+    #
+    # Regression test for #8294
+    rm ~/.nix-profile
+    ln -s $NIX_STATE_DIR/profiles/per-user/me ~/.nix-profile
+    testCollectGarbageD
 fi
--- a/tests/local.mk
+++ b/tests/local.mk
@ -135,7 +135,8 @@ nix_tests = \
  flakes/show.sh \
  impure-derivations.sh \
  path-from-hash-part.sh \
-  toString-path.sh
+  toString-path.sh \
+  read-only-store.sh

 ifeq ($(HAVE_LIBCPUID), 1)
 	nix_tests += compute-levels.sh
--- a/tests/nix-profile.sh
+++ b/tests/nix-profile.sh
@ -157,17 +157,17 @@ error: An existing package already provides the following file:

       To remove the existing package:

-         nix profile remove path:${flake1Dir}
+         nix profile remove path:${flake1Dir}#packages.${system}.default

       The new package can also be installed next to the existing one by assigning a different priority.
       The conflicting packages have a priority of 5.
       To prioritise the new package:

-         nix profile install path:${flake2Dir} --priority 4
+         nix profile install path:${flake2Dir}#packages.${system}.default --priority 4

       To prioritise the existing package:

-         nix profile install path:${flake2Dir} --priority 6
+         nix profile install path:${flake2Dir}#packages.${system}.default --priority 6
 EOF
 )
 [[ $($TEST_HOME/.nix-profile/bin/hello) = "Hello World" ]]
@ -177,3 +177,10 @@ nix profile install $flake2Dir --priority 0
 [[ $($TEST_HOME/.nix-profile/bin/hello) = "Hello World2" ]]
 # nix profile install $flake1Dir --priority 100
 # [[ $($TEST_HOME/.nix-profile/bin/hello) = "Hello World" ]]
+
+# Ensure that conflicts are handled properly even when the installables aren't
+# flake references.
+# Regression test for https://github.com/NixOS/nix/issues/8284
+clearProfiles
+nix profile install $(nix build $flake1Dir --no-link --print-out-paths)
+expect 1 nix profile install --impure --expr "(builtins.getFlake ''$flake2Dir'').packages.$system.default"
--- a/tests/nixos/nix-copy.nix
+++ b/tests/nixos/nix-copy.nix
@ -23,6 +23,12 @@ in {
          nix.settings.substituters = lib.mkForce [ ];
          nix.settings.experimental-features = [ "nix-command" ];
          services.getty.autologinUser = "root";
+          programs.ssh.extraConfig = ''
+            Host *
+                ControlMaster auto
+                ControlPath ~/.ssh/master-%h:%r@%n:%p
+                ControlPersist 15m
+          '';
        };

      server =
@ -62,6 +68,10 @@ in {
    client.wait_for_text("done")
    server.succeed("nix-store --check-validity ${pkgA}")

+    # Check that ControlMaster is working
+    client.send_chars("nix copy --to ssh://server ${pkgA} >&2; echo done\n")
+    client.wait_for_text("done")
+
    client.copy_from_host("key", "/root/.ssh/id_ed25519")
    client.succeed("chmod 600 /root/.ssh/id_ed25519")

--- a/tests/read-only-store.sh
+++ b/tests/read-only-store.sh
@ -0,0 +1,40 @@
+source common.sh
+
+enableFeatures "read-only-local-store"
+
+clearStore
+
+happy () {
+    # We can do a read-only query just fine with a read-only store
+    nix --store local?read-only=true path-info $dummyPath
+    
+    # We can "write" an already-present store-path a read-only store, because no IO is actually required
+    nix-store --store local?read-only=true --add dummy
+}
+## Testing read-only mode without forcing the underlying store to actually be read-only
+
+# Make sure the command fails when the store doesn't already have a database
+expectStderr 1 nix-store --store local?read-only=true --add dummy | grepQuiet "database does not exist, and cannot be created in read-only mode"
+
+# Make sure the store actually has a current-database, with at least one store object
+dummyPath=$(nix-store --add dummy)
+
+# Try again and make sure we fail when adding a item not already in the store
+expectStderr 1 nix-store --store local?read-only=true --add eval.nix | grepQuiet "attempt to write a readonly database"
+
+# Test a few operations that should work with the read-only store in its current state
+happy
+
+## Testing read-only mode with an underlying store that is actually read-only
+
+# Ensure store is actually read-only
+chmod -R -w $TEST_ROOT/store
+chmod -R -w $TEST_ROOT/var
+
+# Make sure we fail on add operations on the read-only store
+# This is only for adding files that are not *already* in the store
+expectStderr 1 nix-store --add eval.nix | grepQuiet "error: opening lock file '$(readlink -e $TEST_ROOT)/var/nix/db/big-lock'"
+expectStderr 1 nix-store --store local?read-only=true --add eval.nix | grepQuiet "Permission denied"
+
+# Test the same operations from before should again succeed
+happy