mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-09 15:58:05 +02:00
Bryan Honof
parent
612fc76020
commit
cc9fe4dee7
13 changed files with 102 additions and 106 deletions
|
|
@ -641,19 +641,8 @@
|
||||||
''^tests/functional/selfref-gc\.sh$''
|
''^tests/functional/selfref-gc\.sh$''
|
||||||
''^tests/functional/shell\.sh$''
|
''^tests/functional/shell\.sh$''
|
||||||
''^tests/functional/shell\.shebang\.sh$''
|
''^tests/functional/shell\.shebang\.sh$''
|
||||||
''^tests/functional/signing\.sh$''
|
|
||||||
''^tests/functional/simple\.builder\.sh$''
|
''^tests/functional/simple\.builder\.sh$''
|
||||||
''^tests/functional/simple\.sh$''
|
|
||||||
''^tests/functional/ssh-relay\.sh$''
|
|
||||||
''^tests/functional/store-info\.sh$''
|
|
||||||
''^tests/functional/structured-attrs\.sh$''
|
|
||||||
''^tests/functional/substitute-with-invalid-ca\.sh$''
|
|
||||||
''^tests/functional/suggestions\.sh$''
|
|
||||||
''^tests/functional/supplementary-groups\.sh$''
|
''^tests/functional/supplementary-groups\.sh$''
|
||||||
''^tests/functional/tarball\.sh$''
|
|
||||||
''^tests/functional/test-infra\.sh$''
|
|
||||||
''^tests/functional/test-libstoreconsumer\.sh$''
|
|
||||||
''^tests/functional/timeout\.sh$''
|
|
||||||
''^tests/functional/toString-path\.sh$''
|
''^tests/functional/toString-path\.sh$''
|
||||||
''^tests/functional/user-envs-migration\.sh$''
|
''^tests/functional/user-envs-migration\.sh$''
|
||||||
''^tests/functional/user-envs-test-case\.sh$''
|
''^tests/functional/user-envs-test-case\.sh$''
|
||||||
|
|
|
||||||
|
|
@ -5,108 +5,108 @@ source common.sh
|
||||||
clearStoreIfPossible
|
clearStoreIfPossible
|
||||||
clearCache
|
clearCache
|
||||||
|
|
||||||
nix-store --generate-binary-cache-key cache1.example.org $TEST_ROOT/sk1 $TEST_ROOT/pk1
|
nix-store --generate-binary-cache-key cache1.example.org "$TEST_ROOT"/sk1 "$TEST_ROOT"/pk1
|
||||||
pk1=$(cat $TEST_ROOT/pk1)
|
pk1=$(cat "$TEST_ROOT"/pk1)
|
||||||
nix-store --generate-binary-cache-key cache2.example.org $TEST_ROOT/sk2 $TEST_ROOT/pk2
|
nix-store --generate-binary-cache-key cache2.example.org "$TEST_ROOT"/sk2 "$TEST_ROOT"/pk2
|
||||||
pk2=$(cat $TEST_ROOT/pk2)
|
pk2=$(cat "$TEST_ROOT"/pk2)
|
||||||
|
|
||||||
# Build a path.
|
# Build a path.
|
||||||
outPath=$(nix-build dependencies.nix --no-out-link --secret-key-files "$TEST_ROOT/sk1 $TEST_ROOT/sk2")
|
outPath=$(nix-build dependencies.nix --no-out-link --secret-key-files "$TEST_ROOT/sk1 $TEST_ROOT/sk2")
|
||||||
|
|
||||||
# Verify that the path got signed.
|
# Verify that the path got signed.
|
||||||
info=$(nix path-info --json $outPath)
|
info=$(nix path-info --json "$outPath")
|
||||||
echo $info | jq -e '.[] | .ultimate == true'
|
echo "$info" | jq -e '.[] | .ultimate == true'
|
||||||
TODO_NixOS # looks like an actual bug? Following line fails on NixOS:
|
TODO_NixOS # looks like an actual bug? Following line fails on NixOS:
|
||||||
echo $info | jq -e '.[] | .signatures.[] | select(startswith("cache1.example.org"))'
|
echo "$info" | jq -e '.[] | .signatures.[] | select(startswith("cache1.example.org"))'
|
||||||
echo $info | jq -e '.[] | .signatures.[] | select(startswith("cache2.example.org"))'
|
echo "$info" | jq -e '.[] | .signatures.[] | select(startswith("cache2.example.org"))'
|
||||||
|
|
||||||
# Test "nix store verify".
|
# Test "nix store verify".
|
||||||
nix store verify -r $outPath
|
nix store verify -r "$outPath"
|
||||||
|
|
||||||
expect 2 nix store verify -r $outPath --sigs-needed 1
|
expect 2 nix store verify -r "$outPath" --sigs-needed 1
|
||||||
|
|
||||||
nix store verify -r $outPath --sigs-needed 1 --trusted-public-keys $pk1
|
nix store verify -r "$outPath" --sigs-needed 1 --trusted-public-keys "$pk1"
|
||||||
|
|
||||||
expect 2 nix store verify -r $outPath --sigs-needed 2 --trusted-public-keys $pk1
|
expect 2 nix store verify -r "$outPath" --sigs-needed 2 --trusted-public-keys "$pk1"
|
||||||
|
|
||||||
nix store verify -r $outPath --sigs-needed 2 --trusted-public-keys "$pk1 $pk2"
|
nix store verify -r "$outPath" --sigs-needed 2 --trusted-public-keys "$pk1 $pk2"
|
||||||
|
|
||||||
nix store verify --all --sigs-needed 2 --trusted-public-keys "$pk1 $pk2"
|
nix store verify --all --sigs-needed 2 --trusted-public-keys "$pk1 $pk2"
|
||||||
|
|
||||||
# Build something unsigned.
|
# Build something unsigned.
|
||||||
outPath2=$(nix-build simple.nix --no-out-link)
|
outPath2=$(nix-build simple.nix --no-out-link)
|
||||||
|
|
||||||
nix store verify -r $outPath
|
nix store verify -r "$outPath"
|
||||||
|
|
||||||
# Verify that the path did not get signed but does have the ultimate bit.
|
# Verify that the path did not get signed but does have the ultimate bit.
|
||||||
info=$(nix path-info --json $outPath2)
|
info=$(nix path-info --json "$outPath2")
|
||||||
echo $info | jq -e '.[] | .ultimate == true'
|
echo "$info" | jq -e '.[] | .ultimate == true'
|
||||||
echo $info | jq -e '.[] | .signatures == []'
|
echo "$info" | jq -e '.[] | .signatures == []'
|
||||||
|
|
||||||
# Test "nix store verify".
|
# Test "nix store verify".
|
||||||
nix store verify -r $outPath2
|
nix store verify -r "$outPath2"
|
||||||
|
|
||||||
expect 2 nix store verify -r $outPath2 --sigs-needed 1
|
expect 2 nix store verify -r "$outPath2" --sigs-needed 1
|
||||||
|
|
||||||
expect 2 nix store verify -r $outPath2 --sigs-needed 1 --trusted-public-keys $pk1
|
expect 2 nix store verify -r "$outPath2" --sigs-needed 1 --trusted-public-keys "$pk1"
|
||||||
|
|
||||||
# Test "nix store sign".
|
# Test "nix store sign".
|
||||||
nix store sign --key-file $TEST_ROOT/sk1 $outPath2
|
nix store sign --key-file "$TEST_ROOT"/sk1 "$outPath2"
|
||||||
|
|
||||||
nix store verify -r $outPath2 --sigs-needed 1 --trusted-public-keys $pk1
|
nix store verify -r "$outPath2" --sigs-needed 1 --trusted-public-keys "$pk1"
|
||||||
|
|
||||||
# Build something content-addressed.
|
# Build something content-addressed.
|
||||||
outPathCA=$(IMPURE_VAR1=foo IMPURE_VAR2=bar nix-build ./fixed.nix -A good.0 --no-out-link)
|
outPathCA=$(IMPURE_VAR1=foo IMPURE_VAR2=bar nix-build ./fixed.nix -A good.0 --no-out-link)
|
||||||
|
|
||||||
nix path-info --json $outPathCA | jq -e '.[] | .ca | startswith("fixed:md5:")'
|
nix path-info --json "$outPathCA" | jq -e '.[] | .ca | startswith("fixed:md5:")'
|
||||||
|
|
||||||
# Content-addressed paths don't need signatures, so they verify
|
# Content-addressed paths don't need signatures, so they verify
|
||||||
# regardless of --sigs-needed.
|
# regardless of --sigs-needed.
|
||||||
nix store verify $outPathCA
|
nix store verify "$outPathCA"
|
||||||
nix store verify $outPathCA --sigs-needed 1000
|
nix store verify "$outPathCA" --sigs-needed 1000
|
||||||
|
|
||||||
# Check that signing a content-addressed path doesn't overflow validSigs
|
# Check that signing a content-addressed path doesn't overflow validSigs
|
||||||
nix store sign --key-file $TEST_ROOT/sk1 $outPathCA
|
nix store sign --key-file "$TEST_ROOT"/sk1 "$outPathCA"
|
||||||
nix store verify -r $outPathCA --sigs-needed 1000 --trusted-public-keys $pk1
|
nix store verify -r "$outPathCA" --sigs-needed 1000 --trusted-public-keys "$pk1"
|
||||||
|
|
||||||
# Copy to a binary cache.
|
# Copy to a binary cache.
|
||||||
nix copy --to file://$cacheDir $outPath2
|
nix copy --to file://"$cacheDir" "$outPath2"
|
||||||
|
|
||||||
# Verify that signatures got copied.
|
# Verify that signatures got copied.
|
||||||
info=$(nix path-info --store file://$cacheDir --json $outPath2)
|
info=$(nix path-info --store file://"$cacheDir" --json "$outPath2")
|
||||||
echo $info | jq -e '.[] | .ultimate == false'
|
echo "$info" | jq -e '.[] | .ultimate == false'
|
||||||
echo $info | jq -e '.[] | .signatures.[] | select(startswith("cache1.example.org"))'
|
echo "$info" | jq -e '.[] | .signatures.[] | select(startswith("cache1.example.org"))'
|
||||||
echo $info | expect 4 jq -e '.[] | .signatures.[] | select(startswith("cache2.example.org"))'
|
echo "$info" | expect 4 jq -e '.[] | .signatures.[] | select(startswith("cache2.example.org"))'
|
||||||
|
|
||||||
# Verify that adding a signature to a path in a binary cache works.
|
# Verify that adding a signature to a path in a binary cache works.
|
||||||
nix store sign --store file://$cacheDir --key-file $TEST_ROOT/sk2 $outPath2
|
nix store sign --store file://"$cacheDir" --key-file "$TEST_ROOT"/sk2 "$outPath2"
|
||||||
info=$(nix path-info --store file://$cacheDir --json $outPath2)
|
info=$(nix path-info --store file://"$cacheDir" --json "$outPath2")
|
||||||
echo $info | jq -e '.[] | .signatures.[] | select(startswith("cache1.example.org"))'
|
echo "$info" | jq -e '.[] | .signatures.[] | select(startswith("cache1.example.org"))'
|
||||||
echo $info | jq -e '.[] | .signatures.[] | select(startswith("cache2.example.org"))'
|
echo "$info" | jq -e '.[] | .signatures.[] | select(startswith("cache2.example.org"))'
|
||||||
|
|
||||||
# Copying to a diverted store should fail due to a lack of signatures by trusted keys.
|
# Copying to a diverted store should fail due to a lack of signatures by trusted keys.
|
||||||
chmod -R u+w $TEST_ROOT/store0 || true
|
chmod -R u+w "$TEST_ROOT"/store0 || true
|
||||||
rm -rf $TEST_ROOT/store0
|
rm -rf "$TEST_ROOT"/store0
|
||||||
|
|
||||||
# Fails or very flaky only on GHA + macOS:
|
# Fails or very flaky only on GHA + macOS:
|
||||||
# expectStderr 1 nix copy --to $TEST_ROOT/store0 $outPath | grepQuiet -E 'cannot add path .* because it lacks a signature by a trusted key'
|
# expectStderr 1 nix copy --to $TEST_ROOT/store0 $outPath | grepQuiet -E 'cannot add path .* because it lacks a signature by a trusted key'
|
||||||
# but this works:
|
# but this works:
|
||||||
(! nix copy --to $TEST_ROOT/store0 $outPath)
|
(! nix copy --to "$TEST_ROOT"/store0 "$outPath")
|
||||||
|
|
||||||
# But succeed if we supply the public keys.
|
# But succeed if we supply the public keys.
|
||||||
nix copy --to $TEST_ROOT/store0 $outPath --trusted-public-keys $pk1
|
nix copy --to "$TEST_ROOT"/store0 "$outPath" --trusted-public-keys "$pk1"
|
||||||
|
|
||||||
expect 2 nix store verify --store $TEST_ROOT/store0 -r $outPath
|
expect 2 nix store verify --store "$TEST_ROOT"/store0 -r "$outPath"
|
||||||
|
|
||||||
nix store verify --store $TEST_ROOT/store0 -r $outPath --trusted-public-keys $pk1
|
nix store verify --store "$TEST_ROOT"/store0 -r "$outPath" --trusted-public-keys "$pk1"
|
||||||
nix store verify --store $TEST_ROOT/store0 -r $outPath --sigs-needed 2 --trusted-public-keys "$pk1 $pk2"
|
nix store verify --store "$TEST_ROOT"/store0 -r "$outPath" --sigs-needed 2 --trusted-public-keys "$pk1 $pk2"
|
||||||
|
|
||||||
# It should also succeed if we disable signature checking.
|
# It should also succeed if we disable signature checking.
|
||||||
(! nix copy --to $TEST_ROOT/store0 $outPath2)
|
(! nix copy --to "$TEST_ROOT"/store0 "$outPath2")
|
||||||
nix copy --to $TEST_ROOT/store0?require-sigs=false $outPath2
|
nix copy --to "$TEST_ROOT"/store0?require-sigs=false "$outPath2"
|
||||||
|
|
||||||
# But signatures should still get copied.
|
# But signatures should still get copied.
|
||||||
nix store verify --store $TEST_ROOT/store0 -r $outPath2 --trusted-public-keys $pk1
|
nix store verify --store "$TEST_ROOT"/store0 -r "$outPath2" --trusted-public-keys "$pk1"
|
||||||
|
|
||||||
# Content-addressed stuff can be copied without signatures.
|
# Content-addressed stuff can be copied without signatures.
|
||||||
nix copy --to $TEST_ROOT/store0 $outPathCA
|
nix copy --to "$TEST_ROOT"/store0 "$outPathCA"
|
||||||
|
|
|
||||||
|
|
@ -1,3 +1,5 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
echo "PATH=$PATH"
|
echo "PATH=$PATH"
|
||||||
|
|
||||||
# Verify that the PATH is empty.
|
# Verify that the PATH is empty.
|
||||||
|
|
@ -5,7 +7,6 @@ if mkdir foo 2> /dev/null; then exit 1; fi
|
||||||
|
|
||||||
# Set a PATH (!!! impure).
|
# Set a PATH (!!! impure).
|
||||||
export PATH=$goodPath
|
export PATH=$goodPath
|
||||||
|
mkdir "$out"
|
||||||
|
|
||||||
mkdir $out
|
echo "Hello World!" > "$out"/hello
|
||||||
|
|
||||||
echo "Hello World!" > $out/hello
|
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,7 @@ outPath=$(nix-store -rvv "$drvPath")
|
||||||
|
|
||||||
echo "output path is $outPath"
|
echo "output path is $outPath"
|
||||||
|
|
||||||
(! [ -w $outPath ])
|
[[ ! -w $outPath ]]
|
||||||
|
|
||||||
text=$(cat "$outPath/hello")
|
text=$(cat "$outPath/hello")
|
||||||
if test "$text" != "Hello World!"; then exit 1; fi
|
if test "$text" != "Hello World!"; then exit 1; fi
|
||||||
|
|
@ -21,16 +21,16 @@ TODO_NixOS
|
||||||
|
|
||||||
# Directed delete: $outPath is not reachable from a root, so it should
|
# Directed delete: $outPath is not reachable from a root, so it should
|
||||||
# be deleteable.
|
# be deleteable.
|
||||||
nix-store --delete $outPath
|
nix-store --delete "$outPath"
|
||||||
(! [ -e $outPath/hello ])
|
[[ ! -e $outPath/hello ]]
|
||||||
|
|
||||||
outPath="$(NIX_REMOTE=local?store=/foo\&real=$TEST_ROOT/real-store nix-instantiate --readonly-mode hash-check.nix)"
|
outPath="$(NIX_REMOTE='local?store=/foo&real='"$TEST_ROOT"'/real-store' nix-instantiate --readonly-mode hash-check.nix)"
|
||||||
if test "$outPath" != "/foo/lfy1s6ca46rm5r6w4gg9hc0axiakjcnm-dependencies.drv"; then
|
if test "$outPath" != "/foo/lfy1s6ca46rm5r6w4gg9hc0axiakjcnm-dependencies.drv"; then
|
||||||
echo "hashDerivationModulo appears broken, got $outPath"
|
echo "hashDerivationModulo appears broken, got $outPath"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
outPath="$(NIX_REMOTE=local?store=/foo\&real=$TEST_ROOT/real-store nix-instantiate --readonly-mode big-derivation-attr.nix)"
|
outPath="$(NIX_REMOTE='local?store=/foo&real='"$TEST_ROOT"'/real-store' nix-instantiate --readonly-mode big-derivation-attr.nix)"
|
||||||
if test "$outPath" != "/foo/xxiwa5zlaajv6xdjynf9yym9g319d6mn-big-derivation-attr.drv"; then
|
if test "$outPath" != "/foo/xxiwa5zlaajv6xdjynf9yym9g319d6mn-big-derivation-attr.drv"; then
|
||||||
echo "big-derivation-attr.nix hash appears broken, got $outPath. Memory corruption in large drv attr?"
|
echo "big-derivation-attr.nix hash appears broken, got $outPath. Memory corruption in large drv attr?"
|
||||||
exit 1
|
exit 1
|
||||||
|
|
|
||||||
|
|
@ -2,10 +2,10 @@
|
||||||
|
|
||||||
source common.sh
|
source common.sh
|
||||||
|
|
||||||
echo foo > $TEST_ROOT/hello.sh
|
echo foo > "$TEST_ROOT"/hello.sh
|
||||||
|
|
||||||
ssh_localhost=ssh://localhost
|
ssh_localhost=ssh://localhost
|
||||||
remote_store=?remote-store=$ssh_localhost
|
remote_store="?remote-store=$ssh_localhost"
|
||||||
|
|
||||||
store=$ssh_localhost
|
store=$ssh_localhost
|
||||||
|
|
||||||
|
|
@ -13,6 +13,6 @@ store+=$remote_store
|
||||||
store+=$remote_store
|
store+=$remote_store
|
||||||
store+=$remote_store
|
store+=$remote_store
|
||||||
|
|
||||||
out=$(nix store add-path --store "$store" $TEST_ROOT/hello.sh)
|
out=$(nix store add-path --store "$store" "$TEST_ROOT"/hello.sh)
|
||||||
|
|
||||||
[ foo = $(< $out) ]
|
[ foo = "$(< "$out")" ]
|
||||||
|
|
|
||||||
|
|
@ -8,12 +8,12 @@ STORE_INFO_JSON=$(nix store info --json)
|
||||||
echo "$STORE_INFO" | grep "Store URL: ${NIX_REMOTE}"
|
echo "$STORE_INFO" | grep "Store URL: ${NIX_REMOTE}"
|
||||||
|
|
||||||
if [[ -v NIX_DAEMON_PACKAGE ]] && isDaemonNewer "2.7.0pre20220126"; then
|
if [[ -v NIX_DAEMON_PACKAGE ]] && isDaemonNewer "2.7.0pre20220126"; then
|
||||||
DAEMON_VERSION=$($NIX_DAEMON_PACKAGE/bin/nix daemon --version | cut -d' ' -f3)
|
DAEMON_VERSION=$("$NIX_DAEMON_PACKAGE"/bin/nix daemon --version | cut -d' ' -f3)
|
||||||
echo "$STORE_INFO" | grep "Version: $DAEMON_VERSION"
|
echo "$STORE_INFO" | grep "Version: $DAEMON_VERSION"
|
||||||
[[ "$(echo "$STORE_INFO_JSON" | jq -r ".version")" == "$DAEMON_VERSION" ]]
|
[[ "$(echo "$STORE_INFO_JSON" | jq -r ".version")" == "$DAEMON_VERSION" ]]
|
||||||
fi
|
fi
|
||||||
|
|
||||||
expect 127 NIX_REMOTE=unix:$PWD/store nix store info || \
|
expect 127 NIX_REMOTE=unix:"$PWD"/store nix store info || \
|
||||||
fail "nix store info on a non-existent store should fail"
|
fail "nix store info on a non-existent store should fail"
|
||||||
|
|
||||||
TODO_NixOS
|
TODO_NixOS
|
||||||
|
|
|
||||||
|
|
@ -8,17 +8,19 @@ requireDaemonNewerThan "2.4pre20210712"
|
||||||
|
|
||||||
clearStoreIfPossible
|
clearStoreIfPossible
|
||||||
|
|
||||||
rm -f $TEST_ROOT/result
|
rm -f "$TEST_ROOT"/result
|
||||||
|
|
||||||
nix-build structured-attrs.nix -A all -o $TEST_ROOT/result
|
nix-build structured-attrs.nix -A all -o "$TEST_ROOT"/result
|
||||||
|
|
||||||
[[ $(cat $TEST_ROOT/result/foo) = bar ]]
|
[[ $(cat "$TEST_ROOT"/result/foo) = bar ]]
|
||||||
[[ $(cat $TEST_ROOT/result-dev/foo) = foo ]]
|
[[ $(cat "$TEST_ROOT"/result-dev/foo) = foo ]]
|
||||||
|
|
||||||
export NIX_BUILD_SHELL=$SHELL
|
export NIX_BUILD_SHELL=$SHELL
|
||||||
|
# shellcheck disable=SC2016
|
||||||
env NIX_PATH=nixpkgs=shell.nix nix-shell structured-attrs-shell.nix \
|
env NIX_PATH=nixpkgs=shell.nix nix-shell structured-attrs-shell.nix \
|
||||||
--run 'test "3" = "$(jq ".my.list|length" < $NIX_ATTRS_JSON_FILE)"'
|
--run 'test "3" = "$(jq ".my.list|length" < $NIX_ATTRS_JSON_FILE)"'
|
||||||
|
|
||||||
|
# shellcheck disable=SC2016
|
||||||
nix develop -f structured-attrs-shell.nix -c bash -c 'test "3" = "$(jq ".my.list|length" < $NIX_ATTRS_JSON_FILE)"'
|
nix develop -f structured-attrs-shell.nix -c bash -c 'test "3" = "$(jq ".my.list|length" < $NIX_ATTRS_JSON_FILE)"'
|
||||||
|
|
||||||
TODO_NixOS # following line fails.
|
TODO_NixOS # following line fails.
|
||||||
|
|
@ -26,6 +28,7 @@ TODO_NixOS # following line fails.
|
||||||
# `nix develop` is a slightly special way of dealing with environment vars, it parses
|
# `nix develop` is a slightly special way of dealing with environment vars, it parses
|
||||||
# these from a shell-file exported from a derivation. This is to test especially `outputs`
|
# these from a shell-file exported from a derivation. This is to test especially `outputs`
|
||||||
# (which is an associative array in thsi case) being fine.
|
# (which is an associative array in thsi case) being fine.
|
||||||
|
# shellcheck disable=SC2016
|
||||||
nix develop -f structured-attrs-shell.nix -c bash -c 'test -n "$out"'
|
nix develop -f structured-attrs-shell.nix -c bash -c 'test -n "$out"'
|
||||||
|
|
||||||
nix print-dev-env -f structured-attrs-shell.nix | grepQuiet 'NIX_ATTRS_JSON_FILE='
|
nix print-dev-env -f structured-attrs-shell.nix | grepQuiet 'NIX_ATTRS_JSON_FILE='
|
||||||
|
|
|
||||||
|
|
@ -11,16 +11,16 @@ getRemoteNarInfo () {
|
||||||
echo "$cacheDir/$(getHash "$1").narinfo"
|
echo "$cacheDir/$(getHash "$1").narinfo"
|
||||||
}
|
}
|
||||||
|
|
||||||
cat <<EOF > $TEST_HOME/good.txt
|
cat <<EOF > "$TEST_HOME"/good.txt
|
||||||
I’m a good path
|
I’m a good path
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
cat <<EOF > $TEST_HOME/bad.txt
|
cat <<EOF > "$TEST_HOME"/bad.txt
|
||||||
I’m a bad path
|
I’m a bad path
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
good=$(nix-store --add $TEST_HOME/good.txt)
|
good=$(nix-store --add "$TEST_HOME"/good.txt)
|
||||||
bad=$(nix-store --add $TEST_HOME/bad.txt)
|
bad=$(nix-store --add "$TEST_HOME"/bad.txt)
|
||||||
nix copy --to "$BINARY_CACHE" "$good"
|
nix copy --to "$BINARY_CACHE" "$good"
|
||||||
nix copy --to "$BINARY_CACHE" "$bad"
|
nix copy --to "$BINARY_CACHE" "$bad"
|
||||||
nix-collect-garbage >/dev/null 2>&1
|
nix-collect-garbage >/dev/null 2>&1
|
||||||
|
|
|
||||||
|
|
@ -37,7 +37,7 @@ NIX_BUILD_STDERR_WITH_NO_CLOSE_SUGGESTION=$(! nix build .\#bar 2>&1 1>/dev/null)
|
||||||
[[ ! "$NIX_BUILD_STDERR_WITH_NO_CLOSE_SUGGESTION" =~ "Did you mean" ]] || \
|
[[ ! "$NIX_BUILD_STDERR_WITH_NO_CLOSE_SUGGESTION" =~ "Did you mean" ]] || \
|
||||||
fail "The nix build stderr shouldn’t suggest anything if there’s nothing relevant to suggest"
|
fail "The nix build stderr shouldn’t suggest anything if there’s nothing relevant to suggest"
|
||||||
|
|
||||||
NIX_EVAL_STDERR_WITH_SUGGESTIONS=$(! nix build --impure --expr '(builtins.getFlake (builtins.toPath ./.)).packages.'$system'.fob' 2>&1 1>/dev/null)
|
NIX_EVAL_STDERR_WITH_SUGGESTIONS=$(! nix build --impure --expr '(builtins.getFlake (builtins.toPath ./.)).packages.'"$system"'.fob' 2>&1 1>/dev/null)
|
||||||
[[ "$NIX_EVAL_STDERR_WITH_SUGGESTIONS" =~ "Did you mean one of fo1, fo2, foo or fooo?" ]] || \
|
[[ "$NIX_EVAL_STDERR_WITH_SUGGESTIONS" =~ "Did you mean one of fo1, fo2, foo or fooo?" ]] || \
|
||||||
fail "The evaluator should suggest the three closest possiblities"
|
fail "The evaluator should suggest the three closest possiblities"
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -4,51 +4,51 @@ source common.sh
|
||||||
|
|
||||||
clearStoreIfPossible
|
clearStoreIfPossible
|
||||||
|
|
||||||
rm -rf $TEST_HOME
|
rm -rf "$TEST_HOME"
|
||||||
|
|
||||||
tarroot=$TEST_ROOT/tarball
|
tarroot=$TEST_ROOT/tarball
|
||||||
rm -rf $tarroot
|
rm -rf "$tarroot"
|
||||||
mkdir -p $tarroot
|
mkdir -p "$tarroot"
|
||||||
cp dependencies.nix $tarroot/default.nix
|
cp dependencies.nix "$tarroot/default.nix"
|
||||||
cp config.nix dependencies.builder*.sh $tarroot/
|
cp config.nix dependencies.builder*.sh "$tarroot/"
|
||||||
touch -d '@1000000000' $tarroot $tarroot/*
|
touch -d '@1000000000' "$tarroot" "$tarroot"/*
|
||||||
|
|
||||||
hash=$(nix hash path $tarroot)
|
hash=$(nix hash path "$tarroot")
|
||||||
|
|
||||||
test_tarball() {
|
test_tarball() {
|
||||||
local ext="$1"
|
local ext="$1"
|
||||||
local compressor="$2"
|
local compressor="$2"
|
||||||
|
|
||||||
tarball=$TEST_ROOT/tarball.tar$ext
|
tarball=$TEST_ROOT/tarball.tar$ext
|
||||||
(cd $TEST_ROOT && GNUTAR_REPRODUCIBLE= tar --mtime=$tarroot/default.nix --owner=0 --group=0 --numeric-owner --sort=name -c -f - tarball) | $compressor > $tarball
|
(cd "$TEST_ROOT" && GNUTAR_REPRODUCIBLE=1 tar --mtime="$tarroot"/default.nix --owner=0 --group=0 --numeric-owner --sort=name -c -f - tarball) | $compressor > "$tarball"
|
||||||
|
|
||||||
nix-env -f file://$tarball -qa --out-path | grepQuiet dependencies
|
nix-env -f file://"$tarball" -qa --out-path | grepQuiet dependencies
|
||||||
|
|
||||||
nix-build -o $TEST_ROOT/result file://$tarball
|
nix-build -o "$TEST_ROOT"/result file://"$tarball"
|
||||||
|
|
||||||
nix-build -o $TEST_ROOT/result '<foo>' -I foo=file://$tarball
|
nix-build -o "$TEST_ROOT"/result '<foo>' -I foo=file://"$tarball"
|
||||||
|
|
||||||
nix-build -o $TEST_ROOT/result -E "import (fetchTarball file://$tarball)"
|
nix-build -o "$TEST_ROOT"/result -E "import (fetchTarball file://$tarball)"
|
||||||
# Do not re-fetch paths already present
|
# Do not re-fetch paths already present
|
||||||
nix-build -o $TEST_ROOT/result -E "import (fetchTarball { url = file:///does-not-exist/must-remain-unused/$tarball; sha256 = \"$hash\"; })"
|
nix-build -o "$TEST_ROOT"/result -E "import (fetchTarball { url = file:///does-not-exist/must-remain-unused/$tarball; sha256 = \"$hash\"; })"
|
||||||
|
|
||||||
nix-build -o $TEST_ROOT/result -E "import (fetchTree file://$tarball)"
|
nix-build -o "$TEST_ROOT"/result -E "import (fetchTree file://$tarball)"
|
||||||
nix-build -o $TEST_ROOT/result -E "import (fetchTree { type = \"tarball\"; url = file://$tarball; })"
|
nix-build -o "$TEST_ROOT"/result -E "import (fetchTree { type = \"tarball\"; url = file://$tarball; })"
|
||||||
nix-build -o $TEST_ROOT/result -E "import (fetchTree { type = \"tarball\"; url = file://$tarball; narHash = \"$hash\"; })"
|
nix-build -o "$TEST_ROOT"/result -E "import (fetchTree { type = \"tarball\"; url = file://$tarball; narHash = \"$hash\"; })"
|
||||||
# Do not re-fetch paths already present
|
# Do not re-fetch paths already present
|
||||||
nix-build -o $TEST_ROOT/result -E "import (fetchTree { type = \"tarball\"; url = file:///does-not-exist/must-remain-unused/$tarball; narHash = \"$hash\"; })"
|
nix-build -o "$TEST_ROOT"/result -E "import (fetchTree { type = \"tarball\"; url = file:///does-not-exist/must-remain-unused/$tarball; narHash = \"$hash\"; })"
|
||||||
expectStderr 102 nix-build -o $TEST_ROOT/result -E "import (fetchTree { type = \"tarball\"; url = file://$tarball; narHash = \"sha256-xdKv2pq/IiwLSnBBJXW8hNowI4MrdZfW+SYqDQs7Tzc=\"; })" | grep 'NAR hash mismatch in input'
|
expectStderr 102 nix-build -o "$TEST_ROOT"/result -E "import (fetchTree { type = \"tarball\"; url = file://$tarball; narHash = \"sha256-xdKv2pq/IiwLSnBBJXW8hNowI4MrdZfW+SYqDQs7Tzc=\"; })" | grep 'NAR hash mismatch in input'
|
||||||
|
|
||||||
[[ $(nix eval --impure --expr "(fetchTree file://$tarball).lastModified") = 1000000000 ]]
|
[[ $(nix eval --impure --expr "(fetchTree file://$tarball).lastModified") = 1000000000 ]]
|
||||||
|
|
||||||
nix-instantiate --strict --eval -E "!((import (fetchTree { type = \"tarball\"; url = file://$tarball; narHash = \"$hash\"; })) ? submodules)" >&2
|
nix-instantiate --strict --eval -E "!((import (fetchTree { type = \"tarball\"; url = file://$tarball; narHash = \"$hash\"; })) ? submodules)" >&2
|
||||||
nix-instantiate --strict --eval -E "!((import (fetchTree { type = \"tarball\"; url = file://$tarball; narHash = \"$hash\"; })) ? submodules)" 2>&1 | grep 'true'
|
nix-instantiate --strict --eval -E "!((import (fetchTree { type = \"tarball\"; url = file://$tarball; narHash = \"$hash\"; })) ? submodules)" 2>&1 | grep 'true'
|
||||||
|
|
||||||
nix-instantiate --eval -E '1 + 2' -I fnord=file:///no-such-tarball.tar$ext
|
nix-instantiate --eval -E '1 + 2' -I fnord=file:///no-such-tarball.tar"$ext"
|
||||||
nix-instantiate --eval -E 'with <fnord/xyzzy>; 1 + 2' -I fnord=file:///no-such-tarball$ext
|
nix-instantiate --eval -E 'with <fnord/xyzzy>; 1 + 2' -I fnord=file:///no-such-tarball"$ext"
|
||||||
(! nix-instantiate --eval -E '<fnord/xyzzy> 1' -I fnord=file:///no-such-tarball$ext)
|
(! nix-instantiate --eval -E '<fnord/xyzzy> 1' -I fnord=file:///no-such-tarball"$ext")
|
||||||
|
|
||||||
nix-instantiate --eval -E '<fnord/config.nix>' -I fnord=file:///no-such-tarball$ext -I fnord=.
|
nix-instantiate --eval -E '<fnord/config.nix>' -I fnord=file:///no-such-tarball"$ext" -I fnord=.
|
||||||
|
|
||||||
# Ensure that the `name` attribute isn’t accepted as that would mess
|
# Ensure that the `name` attribute isn’t accepted as that would mess
|
||||||
# with the content-addressing
|
# with the content-addressing
|
||||||
|
|
|
||||||
|
|
@ -14,7 +14,7 @@ expect 1 false
|
||||||
expect 1 expect 0 false
|
expect 1 expect 0 false
|
||||||
|
|
||||||
function ret() {
|
function ret() {
|
||||||
return $1
|
return "$1"
|
||||||
}
|
}
|
||||||
|
|
||||||
# `expect` can call functions, not just executables
|
# `expect` can call functions, not just executables
|
||||||
|
|
@ -48,6 +48,7 @@ expectStderr 1 noisyFalse | grepQuiet NAY
|
||||||
|
|
||||||
# `set -o pipefile` is enabled
|
# `set -o pipefile` is enabled
|
||||||
|
|
||||||
|
# shellcheck disable=SC2317# shellcheck disable=SC2317
|
||||||
pipefailure () {
|
pipefailure () {
|
||||||
# shellcheck disable=SC2216
|
# shellcheck disable=SC2216
|
||||||
true | false | true
|
true | false | true
|
||||||
|
|
@ -55,6 +56,7 @@ pipefailure () {
|
||||||
expect 1 pipefailure
|
expect 1 pipefailure
|
||||||
unset pipefailure
|
unset pipefailure
|
||||||
|
|
||||||
|
# shellcheck disable=SC2317
|
||||||
pipefailure () {
|
pipefailure () {
|
||||||
# shellcheck disable=SC2216
|
# shellcheck disable=SC2216
|
||||||
false | true | true
|
false | true | true
|
||||||
|
|
@ -82,6 +84,7 @@ expect 1 useUnbound
|
||||||
# ! alone unfortunately negates `set -e`, but it works in functions:
|
# ! alone unfortunately negates `set -e`, but it works in functions:
|
||||||
# shellcheck disable=SC2251
|
# shellcheck disable=SC2251
|
||||||
! true
|
! true
|
||||||
|
# shellcheck disable=SC2317
|
||||||
funBang () {
|
funBang () {
|
||||||
! true
|
! true
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -5,4 +5,4 @@ source common.sh
|
||||||
drv="$(nix-instantiate simple.nix)"
|
drv="$(nix-instantiate simple.nix)"
|
||||||
cat "$drv"
|
cat "$drv"
|
||||||
out="$(./test-libstoreconsumer/test-libstoreconsumer "$drv")"
|
out="$(./test-libstoreconsumer/test-libstoreconsumer "$drv")"
|
||||||
cat "$out/hello" | grep -F "Hello World!"
|
grep -F "Hello World!" < "$out/hello"
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@ needLocalStore "see #4813"
|
||||||
|
|
||||||
messages=$(nix-build -Q timeout.nix -A infiniteLoop --timeout 2 2>&1) && status=0 || status=$?
|
messages=$(nix-build -Q timeout.nix -A infiniteLoop --timeout 2 2>&1) && status=0 || status=$?
|
||||||
|
|
||||||
if [ $status -ne 101 ]; then
|
if [ "$status" -ne 101 ]; then
|
||||||
echo "error: 'nix-store' exited with '$status'; should have exited 101"
|
echo "error: 'nix-store' exited with '$status'; should have exited 101"
|
||||||
|
|
||||||
# FIXME: https://github.com/NixOS/nix/issues/4813
|
# FIXME: https://github.com/NixOS/nix/issues/4813
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue