Commit graph

69 commits

Author SHA1 Message Date
John Ericson
b41cc1a755 Make wrapper derivation
This ensures just `nix build`-ing the flake doesn't forget to run all
tests. One can still specifiy specific attributes to just build one
thing.

Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-08-14 18:04:38 -04:00
Eelco Dolstra
2950f9e18a Add a VM test for S3BinaryCacheStore
Fixes #11238.
2024-08-05 11:48:50 +02:00
Robert Hensing
7c5a0b06a4 tests/nixos/remote-builds: Wait for multi-user
This should make the test more robust, considering the strange hang
in https://hydra.nixos.org/build/267517233/nixlog/8

`builder` seems to have reached `multi-user.target` before the
SSH connection was established, but this seems to be coincidental.
This does tell us that enforcing this has a minimal cost in terms
of runtime.

Waiting for `multi-user.target` on the client is honestly paranoid,
but flaky tests are very bad for productivity.
2024-07-27 13:08:30 +02:00
Robert Hensing
f4464873f5 tests/nixos/remote-builds: Print hello world to stderr
Trying to learn more about enigmatic spurious hang at
https://hydra.nixos.org/build/267517233/nixlog/8
- builder1 seems to have started properly
- ssh connection and session are established
- ssh client doesn't exit or client.succeed does not return
  for some reason.

Seeing the stdout on the console might give a tiny bit more info.
2024-07-27 13:01:56 +02:00
Eelco Dolstra
8f280d72ff
Merge pull request #11019 from DeterminateSystems/fix-failed-to-open-archive
Tarball fetcher: Fix handling of cached tarballs
2024-07-05 17:10:02 +02:00
Eelco Dolstra
e7e070d36b Document 2024-07-05 16:29:16 +02:00
Eelco Dolstra
1ff186fc6e nix flake metadata: Show flake fingerprint
This is useful for testing/debugging and maybe for sharing eval caches
(since it tells you what file in ~/.cache/nix/eval-cache-v5 to copy).
2024-07-03 17:00:30 +02:00
Eelco Dolstra
8bdd0ecd80 Add a test 2024-07-03 15:57:05 +02:00
John Ericson
8a420162ab Merge branch 'master' into fix-sandbox-escape 2024-06-26 18:11:39 -04:00
Théophane Hufschmitt
1d3696f0fb Run the builds in a daemon-controled directory
Instead of running the builds under
`$TMPDIR/{unique-build-directory-owned-by-the-build-user}`, run them
under `$TMPDIR/{unique-build-directory-owned-by-the-daemon}/{subdir-owned-by-the-build-user}`
where the build directory is only readable and traversable by the daemon user.

This achieves two things:

1. It prevents builders from making their build directory world-readable
   (or even writeable), which would allow the outside world to interact
   with them.
2. It prevents external processes running as the build user (either
   because that somehow leaked, maybe as a consequence of 1., or because
   `build-users` isn't in use) from gaining access to the build
   directory.
2024-06-21 17:06:19 +02:00
Théophane Hufschmitt
717f3eea39 Add a test for the user sandboxing 2024-06-21 17:06:18 +02:00
Robert Hensing
dcee46a0ef Apply suggestions from code review
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2024-06-20 14:54:11 +02:00
Robert Hensing
d208e9dd9f tests: Add quickBuild to all VM tests 2024-06-20 14:54:11 +02:00
Robert Hensing
439022c5ac tests: Add hydraJobs.tests.functional_* 2024-06-20 14:54:11 +02:00
John Ericson
b0283240a1
Merge pull request #10864 from Mic92/tarball-flakes-test
tests/nixos: make the tarball-flakes test better reflect real use cases
2024-06-05 18:40:16 -04:00
Pierre Bourdon
162d94d975 tests/nixos: make the tarball-flakes test better reflect real use cases
In most real world cases, the Link header is set on the redirect, not on
the final file. This regressed in Lix earlier and while new unit tests
were added to cover it, this integration test should probably have also
caught it.

Source: a3256a9375
2024-06-05 20:14:24 +02:00
Robert Hensing
5d460d563e TMP: Disable tests.setuid.i686-linux
Temporarily(?) blocked on https://github.com/NixOS/nixpkgs/pull/297475#issuecomment-2145589501
2024-06-03 18:47:53 +02:00
Robert Hensing
8a510f4ede Add tests.remoteBuilds_*_2_18 2024-06-03 17:34:55 +02:00
Robert Hensing
efc2508e8b Refactor hydraJobs.tests.remoteBuilds_*_2_18 2024-06-03 17:34:55 +02:00
Robert Hensing
6558025e77 Fix eval remoteBuilds_*_2_13 2024-06-03 17:34:55 +02:00
Robert Hensing
449e4b9232 Change checkOverrideNixVersion for NixOS 24.05 2024-06-03 17:34:55 +02:00
Eelco Dolstra
ac3e5d22e3
Merge pull request #10028 from DavHau/fetchTree-shallow-default
fetchTree: shallow git fetching by default
2024-06-03 16:02:34 +02:00
Eelco Dolstra
9a58d90c73 tests/nixos/containers/containers.nix: Remove superfluous -v 2024-05-14 14:27:09 +02:00
ramboman
b4950404ba
Honor the same set of proxy environment variables (#10611)
Different parts of the project honor different sets of proxy environment
variables. With this commit all parts of the project will honor the same
set of proxy environment variables.

---------

Co-authored-by: Your Name <you@example.com>
Co-authored-by: John Ericson <John.Ericson@Obsidian.Systems>
2024-05-06 15:39:22 -04:00
Bouke van der Bijl
1e4f902b28 Add gitSubmodules test to github actions 2024-04-11 15:55:09 +02:00
Bouke van der Bijl
cd06193d13 Add nixos test 2024-04-11 15:28:38 +02:00
Théophane Hufschmitt
29c3e4f580
Merge pull request #10340 from edolstra/trust-github
Add trust-tarballs-from-git-forges setting
2024-04-02 16:08:57 +02:00
Sergei Zimmerman
a66b5a1526
test(nixos): add integration test for doubly-compressed content
Add an integration test with a compressing proxy (nginx is used).
This test verifies that fetched archives do not get decompressed
excessively.
2024-03-30 01:29:34 +03:00
Eelco Dolstra
00ce36fafe Add test 2024-03-29 13:38:55 +01:00
Eelco Dolstra
c1811c1eba Fix GitHub test
Cherry-picked from 03618bb85f609a9b2f3cd6b82628a95b425e3b72.
2024-03-10 13:38:38 +01:00
Théophane Hufschmitt
65b79c52c6 Fix a typo in a test comment
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2024-03-01 09:31:28 +01:00
Théophane Hufschmitt
a55c6a0f47 Add a NixOS test for the sandbox escape
Test that we can't leverage abstract unix domain sockets to leak file
descriptors out of the sandbox and modify the path after it has been
registered.
2024-03-01 09:31:28 +01:00
DavHau
358c26fd13 fetchTree: shallow git fetching by default
Motivation:
make git fetching more efficient for most repos by default
2024-02-28 13:27:22 +07:00
Robert Hensing
c4d7c4a848 nixos/tests/remote-builds*: Format
nixpkgs-fmt
2024-01-22 18:47:59 +01:00
Robert Hensing
5167351efb tests/nixos/remote-builds*: Inline module + format 2024-01-22 18:44:16 +01:00
Robert Hensing
e502d1cf94 tests/nixos: Test remote build against older versions 2024-01-22 18:39:15 +01:00
DavHau
bc00fa4647 fetchTree/fetchGit: re-enable shallow fetching
Add several tests for git fetching:
- shallow-cache-separation: can fetch the same repo shallowly and non-shallowly
- shallow-ignore-ref: ensure that ref gets ignored when shallow=true is set
- ssh-shallow: can fetch a git repo via ssh using shallow=1
2024-01-19 20:30:47 +07:00
Robert Hensing
346d513d86 tests/nixos/fetch-git: Add http-auth test 2024-01-18 22:34:38 +01:00
Robert Hensing
ed975e953c tests/nixos/fetch-git: Testsupport for private repos 2024-01-18 22:29:26 +01:00
Robert Hensing
1254170405 tests/nixos/fetch-git: Make the store paths unique 2024-01-18 21:00:40 +01:00
Robert Hensing
94eba0ebbb tests/nixos/fetch-git: Memoize -> save
Memoization is for thunk-like behavior whereas this is executed eagerly.
2024-01-18 21:00:40 +01:00
Robert Hensing
fd41979d78 tests/nixos/fetch-git: Factor out gitea repo module 2024-01-18 21:00:40 +01:00
Robert Hensing
78074bdea4 tests/nixos/fetch-git: Apply suggestions 2024-01-18 12:53:53 +01:00
DavHau
0f95330fde fetchGit: add simple test for ssh fetching
Also move tests to separate files which are auto-imported. This should allow people adding tests concurrently without introducing merge conflicts
2024-01-11 15:46:26 +07:00
DavHau
813c113b9e initialize test suite for git fetchers
solves #9388

This utilizes nixos vm tests to allow:
- writing tests for fetchTree and fetchGit involving actual networking.
- writing small independent test cases by automating local and remote repository setup per test case.

This adds:
  - a gitea module setting up a gitea server
  - a setup module that simplifies writing test cases by automating the repo setup.
  - a simple git http test case

Other improvements:
For all nixos tests, add capability of overriding the nix version to test against.
This should make it easier to prevent regressions. If a new test is added it can simply be ran against any older nix version without having to backport the test.
For example, for running the container tests against nix 2.12.0:
`nix build "$(nix eval --raw .#hydraJobs.tests.containers --impure --apply 't: (t.forNix "2.12.0").drvPath')^*" -L`
2024-01-11 14:44:00 +07:00
John Ericson
37ea1612c7 flake: Go back to regular nixos-23.05-small
Finally get off the ad-hoc staging commit!

Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/36c4ac09e9bebcec1fa7b7539cddb0c9e837409c' (2023-11-30)
  → 'github:NixOS/nixpkgs/2c9c58e98243930f8cb70387934daa4bc8b00373' (2023-12-31)
2024-01-04 10:45:00 -05:00
Cole Helbling
123ef6a996 Fix warnings when running checks
`nix flake check` had these warnings:

    trace: warning: Module argument `nodes.client.config` is deprecated. Use `nodes.client` instead.
    trace: warning: Module argument `nodes.client.config` is deprecated. Use `nodes.client` instead.
    trace: warning: The option `services.openssh.permitRootLogin' defined in `/nix/store/3m3hfpmbjdf4w39qfjami7ljhvhczay1-source/tests/nixos/nix-copy.nix' has been renamed to `services.openssh.settings.PermitRootLogin'.
    trace: warning: Module argument `nodes.http_dns.config` is deprecated. Use `nodes.http_dns` instead.
    trace: warning: Module argument `nodes.github.config` is deprecated. Use `nodes.github` instead.
    trace: warning: Module argument `nodes.sourcehut.config` is deprecated. Use `nodes.sourcehut` instead.
2023-12-18 10:20:52 -08:00
Théophane Hufschmitt
589fb105f3 Fix the VM tests
Work around https://github.com/NixOS/nixpkgs/issues/271146 until we can
depend on a Nixpkgs version containing https://github.com/NixOS/nixpkgs/pull/271423
2023-12-12 16:05:32 +01:00
r-vdp
60b363936d
libstore/ssh-ng: Fix phase reporting in log files.
When doing local builds, we get phase reporting lines in the log file,
they look like '@nix {"action":"setPhase","phase":"unpackPhase"}'.
With the ssh-ng protocol, we do have access to these messages, but since we
are only including messages of type resBuildLogLine in the logs, the phase
information does not end up in the log file.

The phase reporting could probably be improved altoghether (it looks like it
is kind of accidental that these JSON messages for phase reporting show up
but others don't, just because they are actually emitted by nixpkgs' stdenv),
but as a first step I propose to make ssh-ng behave in the same way as local builds do.
2023-11-03 12:30:25 +01:00
Eelco Dolstra
856fe13533 fetchTree cleanup
Two changes:

* The (probably unintentional) hack to handle paths as tarballs has
  been removed. This is almost certainly not what users expect and is
  inconsistent with flakeref handling everywhere else.

* The hack to support scp-style Git URLs has been moved to the Git
  fetcher, so it's now supported not just by fetchTree but by flake
  inputs.
2023-10-13 14:34:23 +02:00