max/nix-super
1
0
Fork 0
mirror of https://github.com/privatevoid-net/nix-super.git synced 2024-11-15 10:46:15 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
nix-super/tests/functional/nested-sandboxing/runner.nix

28 lines
646 B
Nix
Raw Normal View History

Test nested sandboxing, and make nicer error We were bedeviled by sandboxing issues when working on the layered store. The problem ended up being that when we have nested nix builds, and the inner store is inside the build dir (e.g. store is `/build/nix-test/$name/store`, build dir is `/build`) bind mounts clobber each other and store paths cannot be found. After thoroughly cleaning up `local-derivation-goal.cc`, we might be able to make that work. But that is a lot of work. For now, we just fail earlier with a proper error message. Finally, test this: nested sandboxing without the problematic store dir should work, and with should fail with the expected error message. Co-authored-by: Dylan Green <67574902+cidkidnix@users.noreply.github.com> Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2023-07-13 20:17:17 +03:00
{ altitude, storeFun }:
with import ../config.nix;
mkDerivation {
name = "nested-sandboxing";
busybox = builtins.getEnv "busybox";
EXTRA_SANDBOX = builtins.getEnv "EXTRA_SANDBOX";
Build Functional tests with Meson Co-Authored-By: Qyriad <qyriad@qyriad.me> Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-07-08 23:07:06 +03:00
buildCommand = ''
set -x
set -eu -o pipefail
'' + (if altitude == 0 then ''
Test nested sandboxing, and make nicer error We were bedeviled by sandboxing issues when working on the layered store. The problem ended up being that when we have nested nix builds, and the inner store is inside the build dir (e.g. store is `/build/nix-test/$name/store`, build dir is `/build`) bind mounts clobber each other and store paths cannot be found. After thoroughly cleaning up `local-derivation-goal.cc`, we might be able to make that work. But that is a lot of work. For now, we just fail earlier with a proper error message. Finally, test this: nested sandboxing without the problematic store dir should work, and with should fail with the expected error message. Co-authored-by: Dylan Green <67574902+cidkidnix@users.noreply.github.com> Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2023-07-13 20:17:17 +03:00
echo Deep enough! > $out
'' else ''
cp -r ${../common} ./common
cp ${../common.sh} ./common.sh
cp ${../config.nix} ./config.nix
cp -r ${./.} ./nested-sandboxing
export PATH=${builtins.getEnv "NIX_BIN_DIR"}:$PATH
source common.sh
source ./nested-sandboxing/command.sh
runNixBuild ${storeFun} ${toString altitude} >> $out
Build Functional tests with Meson Co-Authored-By: Qyriad <qyriad@qyriad.me> Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-07-08 23:07:06 +03:00
'');
Test nested sandboxing, and make nicer error We were bedeviled by sandboxing issues when working on the layered store. The problem ended up being that when we have nested nix builds, and the inner store is inside the build dir (e.g. store is `/build/nix-test/$name/store`, build dir is `/build`) bind mounts clobber each other and store paths cannot be found. After thoroughly cleaning up `local-derivation-goal.cc`, we might be able to make that work. But that is a lot of work. For now, we just fail earlier with a proper error message. Finally, test this: nested sandboxing without the problematic store dir should work, and with should fail with the expected error message. Co-authored-by: Dylan Green <67574902+cidkidnix@users.noreply.github.com> Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2023-07-13 20:17:17 +03:00
}
Reference in a new issue Copy permalink