Merge pull request #9830 from hercules-ci/test-cross-version-remote-build

tests/nixos: Test remote build against older versions

tests/nixos/default.nix

@@ -28,6 +28,13 @@ let
       };
     };
 
+  # Checks that a NixOS configuration does not contain any references to our
+  # locally defined Nix version.
+  checkOverrideNixVersion = { pkgs, lib, ... }: {
+    # pkgs.nix: The new Nix in this repo
+    # We disallow it, to make sure we don't accidentally use it.
+    system.forbiddenDependenciesRegex = lib.strings.escapeRegex "nix-${pkgs.nix.version}";
+  };
 in
 
 {
@@ -35,8 +42,101 @@ in
 
   remoteBuilds = runNixOSTestFor "x86_64-linux" ./remote-builds.nix;
 
+  # Test our Nix as a client against remotes that are older
+
+  remoteBuilds_remote_2_3 = runNixOSTestFor "x86_64-linux" {
+    name = "remoteBuilds_remote_2_3";
+    imports = [ ./remote-builds.nix ];
+    builders.config = { lib, pkgs, ... }: {
+      imports = [ checkOverrideNixVersion ];
+      nix.package = lib.mkForce pkgs.nixVersions.nix_2_3;
+    };
+  };
+
+  remoteBuilds_remote_2_13 = runNixOSTestFor "x86_64-linux" ({ lib, pkgs, ... }: {
+    name = "remoteBuilds_remote_2_13";
+    imports = [ ./remote-builds.nix ];
+    builders.config = { lib, pkgs, ... }: {
+      imports = [ checkOverrideNixVersion ];
+      nix.package = lib.mkForce pkgs.nixVersions.nix_2_3;
+    };
+  });
+
+  # TODO: (nixpkgs update) remoteBuilds_remote_2_18 = ...
+
+  # Test our Nix as a builder for clients that are older
+
+  remoteBuilds_local_2_3 = runNixOSTestFor "x86_64-linux" ({ lib, pkgs, ... }: {
+    name = "remoteBuilds_local_2_3";
+    imports = [ ./remote-builds.nix ];
+    nodes.client = { lib, pkgs, ... }: {
+      imports = [ checkOverrideNixVersion ];
+      nix.package = lib.mkForce pkgs.nixVersions.nix_2_3;
+    };
+  });
+
+  remoteBuilds_local_2_13 = runNixOSTestFor "x86_64-linux" ({ lib, pkgs, ... }: {
+    name = "remoteBuilds_local_2_13";
+    imports = [ ./remote-builds.nix ];
+    nodes.client = { lib, pkgs, ... }: {
+      imports = [ checkOverrideNixVersion ];
+      nix.package = lib.mkForce pkgs.nixVersions.nix_2_13;
+    };
+  });
+
+  # TODO: (nixpkgs update) remoteBuilds_local_2_18 = ...
+
+  # End remoteBuilds tests
+
   remoteBuildsSshNg = runNixOSTestFor "x86_64-linux" ./remote-builds-ssh-ng.nix;
 
+  # Test our Nix as a client against remotes that are older
+
+  remoteBuildsSshNg_remote_2_3 = runNixOSTestFor "x86_64-linux" {
+    name = "remoteBuildsSshNg_remote_2_3";
+    imports = [ ./remote-builds-ssh-ng.nix ];
+    builders.config = { lib, pkgs, ... }: {
+      imports = [ checkOverrideNixVersion ];
+      nix.package = lib.mkForce pkgs.nixVersions.nix_2_3;
+    };
+  };
+
+  remoteBuildsSshNg_remote_2_13 = runNixOSTestFor "x86_64-linux" {
+    name = "remoteBuildsSshNg_remote_2_13";
+    imports = [ ./remote-builds-ssh-ng.nix ];
+    builders.config = { lib, pkgs, ... }: {
+      imports = [ checkOverrideNixVersion ];
+      nix.package = lib.mkForce pkgs.nixVersions.nix_2_13;
+    };
+  };
+  
+  # TODO: (nixpkgs update) remoteBuildsSshNg_remote_2_18 = ...
+
+  # Test our Nix as a builder for clients that are older
+
+  # FIXME: these tests don't work yet
+  /*
+  remoteBuildsSshNg_local_2_3 = runNixOSTestFor "x86_64-linux" ({ lib, pkgs, ... }: {
+    name = "remoteBuildsSshNg_local_2_3";
+    imports = [ ./remote-builds-ssh-ng.nix ];
+    nodes.client = { lib, pkgs, ... }: {
+      imports = [ checkOverrideNixVersion ];
+      nix.package = lib.mkForce pkgs.nixVersions.nix_2_3;
+    };
+  });
+
+  remoteBuildsSshNg_local_2_13 = runNixOSTestFor "x86_64-linux" ({ lib, pkgs, ... }: {
+    name = "remoteBuildsSshNg_local_2_13";
+    imports = [ ./remote-builds-ssh-ng.nix ];
+    nodes.client = { lib, pkgs, ... }: {
+      imports = [ checkOverrideNixVersion ];
+      nix.package = lib.mkForce pkgs.nixVersions.nix_2_13;
+    };
+  });
+
+  # TODO: (nixpkgs update) remoteBuildsSshNg_local_2_18 = ...
+  */
+
   nix-copy-closure = runNixOSTestFor "x86_64-linux" ./nix-copy-closure.nix;
 
   nix-copy = runNixOSTestFor "x86_64-linux" ./nix-copy.nix;

tests/nixos/remote-builds-ssh-ng.nix

@@ -1,4 +1,4 @@
-{ config, lib, hostPkgs, ... }:
+test@{ config, lib, hostPkgs, ... }:
 
 let
   pkgs = config.nodes.client.nixpkgs.pkgs;
@@ -28,81 +28,97 @@ let
 in
 
 {
-  name = "remote-builds-ssh-ng";
+  options = {
+    builders.config = lib.mkOption {
+      type = lib.types.deferredModule;
+      description = ''
+        Configuration to add to the builder nodes.
+      '';
+      default = { };
+    };
+  };
 
-  nodes =
-    { builder =
-      { config, pkgs, ... }:
-      { services.openssh.enable = true;
-        virtualisation.writableStore = true;
-        nix.settings.sandbox = true;
-        nix.settings.substituters = lib.mkForce [ ];
-      };
+  config = {
+    name = lib.mkDefault "remote-builds-ssh-ng";
 
-      client =
-        { config, lib, pkgs, ... }:
-        { nix.settings.max-jobs = 0; # force remote building
-          nix.distributedBuilds = true;
-          nix.buildMachines =
-            [ { hostName = "builder";
+    nodes =
+      {
+        builder =
+          { config, pkgs, ... }:
+          {
+            imports = [ test.config.builders.config ];
+            services.openssh.enable = true;
+            virtualisation.writableStore = true;
+            nix.settings.sandbox = true;
+            nix.settings.substituters = lib.mkForce [ ];
+          };
+
+        client =
+          { config, lib, pkgs, ... }:
+          {
+            nix.settings.max-jobs = 0; # force remote building
+            nix.distributedBuilds = true;
+            nix.buildMachines =
+              [{
+                hostName = "builder";
                 sshUser = "root";
                 sshKey = "/root/.ssh/id_ed25519";
                 system = "i686-linux";
                 maxJobs = 1;
                 protocol = "ssh-ng";
-              }
-            ];
-          virtualisation.writableStore = true;
-          virtualisation.additionalPaths = [ config.system.build.extraUtils ];
-          nix.settings.substituters = lib.mkForce [ ];
-          programs.ssh.extraConfig = "ConnectTimeout 30";
-        };
-    };
+              }];
+            virtualisation.writableStore = true;
+            virtualisation.additionalPaths = [ config.system.build.extraUtils ];
+            nix.settings.substituters = lib.mkForce [ ];
+            programs.ssh.extraConfig = "ConnectTimeout 30";
+          };
+      };
 
-  testScript = { nodes }: ''
-    # fmt: off
-    import subprocess
+    testScript = { nodes }: ''
+      # fmt: off
+      import subprocess
 
-    start_all()
+      start_all()
 
-    # Create an SSH key on the client.
-    subprocess.run([
-      "${hostPkgs.openssh}/bin/ssh-keygen", "-t", "ed25519", "-f", "key", "-N", ""
-    ], capture_output=True, check=True)
-    client.succeed("mkdir -p -m 700 /root/.ssh")
-    client.copy_from_host("key", "/root/.ssh/id_ed25519")
-    client.succeed("chmod 600 /root/.ssh/id_ed25519")
+      # Create an SSH key on the client.
+      subprocess.run([
+        "${hostPkgs.openssh}/bin/ssh-keygen", "-t", "ed25519", "-f", "key", "-N", ""
+      ], capture_output=True, check=True)
+      client.succeed("mkdir -p -m 700 /root/.ssh")
+      client.copy_from_host("key", "/root/.ssh/id_ed25519")
+      client.succeed("chmod 600 /root/.ssh/id_ed25519")
 
-    # Install the SSH key on the builder.
-    client.wait_for_unit("network.target")
-    builder.succeed("mkdir -p -m 700 /root/.ssh")
-    builder.copy_from_host("key.pub", "/root/.ssh/authorized_keys")
-    builder.wait_for_unit("sshd")
-    client.succeed(f"ssh -o StrictHostKeyChecking=no {builder.name} 'echo hello world'")
+      # Install the SSH key on the builder.
+      client.wait_for_unit("network.target")
+      builder.succeed("mkdir -p -m 700 /root/.ssh")
+      builder.copy_from_host("key.pub", "/root/.ssh/authorized_keys")
+      builder.wait_for_unit("sshd")
+      client.succeed(f"ssh -o StrictHostKeyChecking=no {builder.name} 'echo hello world'")
 
-    # Perform a build
-    out = client.succeed("nix-build ${expr nodes.client 1} 2> build-output")
+      # Perform a build
+      out = client.succeed("nix-build ${expr nodes.client 1} 2> build-output")
 
-    # Verify that the build was done on the builder
-    builder.succeed(f"test -e {out.strip()}")
+      # Verify that the build was done on the builder
+      builder.succeed(f"test -e {out.strip()}")
 
-    # Print the build log, prefix the log lines to avoid nix intercepting lines starting with @nix
-    buildOutput = client.succeed("sed -e 's/^/build-output:/' build-output")
-    print(buildOutput)
+      # Print the build log, prefix the log lines to avoid nix intercepting lines starting with @nix
+      buildOutput = client.succeed("sed -e 's/^/build-output:/' build-output")
+      print(buildOutput)
 
-    # Make sure that we get the expected build output
-    client.succeed("grep -qF Hello build-output")
+      # Make sure that we get the expected build output
+      client.succeed("grep -qF Hello build-output")
 
-    # We don't want phase reporting in the build output
-    client.fail("grep -qF '@nix' build-output")
+      # We don't want phase reporting in the build output
+      client.fail("grep -qF '@nix' build-output")
 
-    # Get the log file
-    client.succeed(f"nix-store --read-log {out.strip()} > log-output")
-    # Prefix the log lines to avoid nix intercepting lines starting with @nix
-    logOutput = client.succeed("sed -e 's/^/log-file:/' log-output")
-    print(logOutput)
+      # Get the log file
+      client.succeed(f"nix-store --read-log {out.strip()} > log-output")
+      # Prefix the log lines to avoid nix intercepting lines starting with @nix
+      logOutput = client.succeed("sed -e 's/^/log-file:/' log-output")
+      print(logOutput)
 
-    # Check that we get phase reporting in the log file
-    client.succeed("grep -q '@nix {\"action\":\"setPhase\",\"phase\":\"buildPhase\"}' log-output")
-  '';
+      # Check that we get phase reporting in the log file
+      client.succeed("grep -q '@nix {\"action\":\"setPhase\",\"phase\":\"buildPhase\"}' log-output")
+    '';
+  };
 }

tests/nixos/remote-builds.nix

@@ -1,6 +1,6 @@
 # Test Nix's remote build feature.
 
-{ config, lib, hostPkgs, ... }:
+test@{ config, lib, hostPkgs, ... }:
 
 let
   pkgs = config.nodes.client.nixpkgs.pkgs;
@@ -8,7 +8,9 @@ let
   # The configuration of the remote builders.
   builder =
     { config, pkgs, ... }:
-    { services.openssh.enable = true;
+    {
+      imports = [ test.config.builders.config ];
+      services.openssh.enable = true;
       virtualisation.writableStore = true;
       nix.settings.sandbox = true;
 
@@ -35,77 +37,94 @@ let
 in
 
 {
-  name = "remote-builds";
-
-  nodes =
-    { builder1 = builder;
-      builder2 = builder;
-
-      client =
-        { config, lib, pkgs, ... }:
-        { nix.settings.max-jobs = 0; # force remote building
-          nix.distributedBuilds = true;
-          nix.buildMachines =
-            [ { hostName = "builder1";
-                sshUser = "root";
-                sshKey = "/root/.ssh/id_ed25519";
-                system = "i686-linux";
-                maxJobs = 1;
-              }
-              { hostName = "builder2";
-                sshUser = "root";
-                sshKey = "/root/.ssh/id_ed25519";
-                system = "i686-linux";
-                maxJobs = 1;
-              }
-            ];
-          virtualisation.writableStore = true;
-          virtualisation.additionalPaths = [ config.system.build.extraUtils ];
-          nix.settings.substituters = lib.mkForce [ ];
-          programs.ssh.extraConfig = "ConnectTimeout 30";
-        };
+  options = {
+    builders.config = lib.mkOption {
+      type = lib.types.deferredModule;
+      description = ''
+        Configuration to add to the builder nodes.
+      '';
+      default = { };
     };
+  };
 
-  testScript = { nodes }: ''
-    # fmt: off
-    import subprocess
+  config = {
+    name = lib.mkDefault "remote-builds";
 
-    start_all()
+    nodes =
+      {
+        builder1 = builder;
+        builder2 = builder;
 
-    # Create an SSH key on the client.
-    subprocess.run([
-      "${hostPkgs.openssh}/bin/ssh-keygen", "-t", "ed25519", "-f", "key", "-N", ""
-    ], capture_output=True, check=True)
-    client.succeed("mkdir -p -m 700 /root/.ssh")
-    client.copy_from_host("key", "/root/.ssh/id_ed25519")
-    client.succeed("chmod 600 /root/.ssh/id_ed25519")
+        client =
+          { config, lib, pkgs, ... }:
+          {
+            nix.settings.max-jobs = 0; # force remote building
+            nix.distributedBuilds = true;
+            nix.buildMachines =
+              [
+                {
+                  hostName = "builder1";
+                  sshUser = "root";
+                  sshKey = "/root/.ssh/id_ed25519";
+                  system = "i686-linux";
+                  maxJobs = 1;
+                }
+                {
+                  hostName = "builder2";
+                  sshUser = "root";
+                  sshKey = "/root/.ssh/id_ed25519";
+                  system = "i686-linux";
+                  maxJobs = 1;
+                }
+              ];
+            virtualisation.writableStore = true;
+            virtualisation.additionalPaths = [ config.system.build.extraUtils ];
+            nix.settings.substituters = lib.mkForce [ ];
+            programs.ssh.extraConfig = "ConnectTimeout 30";
+          };
+      };
 
-    # Install the SSH key on the builders.
-    client.wait_for_unit("network.target")
-    for builder in [builder1, builder2]:
-      builder.succeed("mkdir -p -m 700 /root/.ssh")
-      builder.copy_from_host("key.pub", "/root/.ssh/authorized_keys")
-      builder.wait_for_unit("sshd")
-      client.succeed(f"ssh -o StrictHostKeyChecking=no {builder.name} 'echo hello world'")
+    testScript = { nodes }: ''
+      # fmt: off
+      import subprocess
 
-    # Perform a build and check that it was performed on the builder.
-    out = client.succeed(
-      "nix-build ${expr nodes.client 1} 2> build-output",
-      "grep -q Hello build-output"
-    )
-    builder1.succeed(f"test -e {out}")
+      start_all()
 
-    # And a parallel build.
-    paths = client.succeed(r'nix-store -r $(nix-instantiate ${expr nodes.client 2})\!out $(nix-instantiate ${expr nodes.client 3})\!out')
-    out1, out2 = paths.split()
-    builder1.succeed(f"test -e {out1} -o -e {out2}")
-    builder2.succeed(f"test -e {out1} -o -e {out2}")
+      # Create an SSH key on the client.
+      subprocess.run([
+        "${hostPkgs.openssh}/bin/ssh-keygen", "-t", "ed25519", "-f", "key", "-N", ""
+      ], capture_output=True, check=True)
+      client.succeed("mkdir -p -m 700 /root/.ssh")
+      client.copy_from_host("key", "/root/.ssh/id_ed25519")
+      client.succeed("chmod 600 /root/.ssh/id_ed25519")
 
-    # And a failing build.
-    client.fail("nix-build ${expr nodes.client 5}")
+      # Install the SSH key on the builders.
+      client.wait_for_unit("network.target")
+      for builder in [builder1, builder2]:
+        builder.succeed("mkdir -p -m 700 /root/.ssh")
+        builder.copy_from_host("key.pub", "/root/.ssh/authorized_keys")
+        builder.wait_for_unit("sshd")
+        client.succeed(f"ssh -o StrictHostKeyChecking=no {builder.name} 'echo hello world'")
 
-    # Test whether the build hook automatically skips unavailable builders.
-    builder1.block()
-    client.succeed("nix-build ${expr nodes.client 4}")
-  '';
+      # Perform a build and check that it was performed on the builder.
+      out = client.succeed(
+        "nix-build ${expr nodes.client 1} 2> build-output",
+        "grep -q Hello build-output"
+      )
+      builder1.succeed(f"test -e {out}")
+
+      # And a parallel build.
+      paths = client.succeed(r'nix-store -r $(nix-instantiate ${expr nodes.client 2})\!out $(nix-instantiate ${expr nodes.client 3})\!out')
+      out1, out2 = paths.split()
+      builder1.succeed(f"test -e {out1} -o -e {out2}")
+      builder2.succeed(f"test -e {out1} -o -e {out2}")
+
+      # And a failing build.
+      client.fail("nix-build ${expr nodes.client 5}")
+
+      # Test whether the build hook automatically skips unavailable builders.
+      builder1.block()
+      client.succeed("nix-build ${expr nodes.client 4}")
+    '';
+  };
 }