Commit graph

2696 commits

Author SHA1 Message Date
Tim Van Baak
a75b082a28 Expand shellcheck coverage in functional tests
Ref NixOS/nix#10795
2024-10-30 08:27:06 -07:00
Robert Hensing
3db75b0060
Merge pull request #11729 from emhamm/nix-tests-help-only-if-docu
nix/tests: run test help.sh only if nix is built with documentation
2024-10-23 19:41:44 +02:00
Eelco Dolstra
75016c26f9 Add a test for chroot stores 2024-10-22 22:23:40 +02:00
Eelco Dolstra
e09666d314 Fix test name 2024-10-22 22:05:48 +02:00
Marian Hammer
85b0cd320a
nix/tests: run test help.sh only if nix is built with documentation
tests/functional/help.sh calls nix-* commands with option --help
if nix is built without documentation the option --help throws an error
because the man page it wants to display is missing
2024-10-22 14:15:56 +02:00
Jörg Thalheim
2105574702 fix env-vars beeing written to /tmp
This overall seems like insecure tmp file handling to me. Because other
users could replace files in /tmp with a symlink and make the nix-shell
override other files.

fixes https://github.com/NixOS/nix/issues/11470
2024-10-22 08:21:18 +00:00
John Ericson
e65510da56 Move unit tests to the location Meson expects them to be
Everything that is a separate subproject should live in the subprojects
directory.

Progress on #2503

This reverts commit 451f8a8c19.
2024-10-17 15:42:16 -04:00
Eelco Dolstra
facc502bc8
Merge pull request #11695 from DeterminateSystems/override-lastModified
path fetcher: Allow the lastModified attribute to be overriden again
2024-10-16 18:03:29 +02:00
Eelco Dolstra
de1289229f
Merge pull request #11669 from obsidiansystems/doc-source-rename
Make the subproject dir `src` again
2024-10-16 17:30:40 +02:00
Eelco Dolstra
781ff7672e Add test 2024-10-16 17:18:07 +02:00
Robert Hensing
806a91f7bf
Merge pull request #11688 from roberth/meson-tidy
Clean up the `package.nix` files
2024-10-14 17:40:46 +02:00
John Ericson
eb7d7780b1 Rename doc/manual{src -> source}
This is needed to avoid this
https://github.com/mesonbuild/meson/issues/13774 when we go back to
making our subproject directory `src`.
2024-10-14 11:21:24 -04:00
Eelco Dolstra
d5c45952ac
Merge pull request #11690 from DeterminateSystems/non-contiguous-tarballs
Handle tarballs where directory entries are not contiguous
2024-10-14 14:50:31 +02:00
Eelco Dolstra
a7b9877da9 Add a test 2024-10-14 14:10:36 +02:00
Robert Hensing
15e3e1543b packaging: Add mkMeson{Library,Executable}
and:
- move pkg-config out of mkMesonDerivation, for components that don't
  produce any executable code
2024-10-13 23:17:54 +02:00
Robert Hensing
0aef34b790 packaging: Add mesonLayer
... and remove a few unused arguments.

This adds pkg-config to a two or three packages that don't use it,
but we shouldn't let that bother us. It's like our personal stdenv.
2024-10-13 22:39:53 +02:00
Eelco Dolstra
0500fba56a builtins.fetchurl: Fix segfault on s3:// URLs
Also, add an activity to show that we're downloading an s3:// file.

Fixes #11674.
2024-10-11 14:32:34 +02:00
Eelco Dolstra
4202d4fc81
Merge pull request #11664 from DeterminateSystems/show-sandbox-setup-error
Propagate errors from early sandbox initialization to the parent
2024-10-10 17:01:37 +02:00
Eelco Dolstra
0be70469dc Propagate errors from early sandbox initialization to the parent
This should help with issues like
https://github.com/DeterminateSystems/nix-installer/issues/1227, which
currently just print "unable to start build process".
2024-10-09 20:53:43 +02:00
John Ericson
0db8ff820b More comment rewording as requested
Co-Authored-By: Robert Hensing <robert@roberthensing.nl>
2024-10-09 11:07:15 -04:00
John Ericson
57a478572d Rename baseNativeBuildInputs
as requested

Co-Authored-By: Robert Hensing <robert@roberthensing.nl>
2024-10-09 11:07:12 -04:00
Robert Hensing
26c3fc11ea
Merge pull request #11609 from yannham/fix/nar-test-zfs
Fix NAR tests on Linux+ZFS+normalize
2024-10-07 16:16:15 +02:00
Robert Hensing
011fa9e085
tests/functional/nars.sh: Fail test if touch fails, comment
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2024-10-07 14:54:35 +02:00
Eelco Dolstra
4dc7946acd
Merge pull request #11610 from Mic92/ssl-fix
fix passing CA files into builtins:fetchurl sandbox
2024-10-07 14:41:32 +02:00
Eelco Dolstra
15e5684884 experimental-features.hh: Don't include json-utils.hh
This caused nlohmann/json.hpp to leak into a lot of compilation units,
which is slow (when not using precompiled headers).

Cuts build time from 46m24s to 42m5s (real time with -j24: 2m42s to
2m24s).
2024-10-04 15:59:35 +02:00
Eelco Dolstra
f5a2f2a8f8
Merge pull request #11560 from rhendric/rhendric/deprecate-cursed-or
libexpr: deprecate the bogus "or"-as-variable
2024-10-02 19:11:56 +02:00
tomberek
14f029dbe8
Merge pull request #11489 from bryanhonof/bryanhonof.warn-on-malformed-uri-query
fix: warn on malformed URI query parameter
2024-09-30 12:14:40 -04:00
Yann Hamdaoui
f8268cbe16
Fix NAR tests on Linux+ZFS+normalize
A test added recently checks that when trying to deserialize a NAR with
two files that Unicode-normalize to the same result either succeeds on
Linux, or fails with an "already exists" error on Darwin. However,
failing with an "already exists" error can in fact also happen on Linux,
when using ZFS with the proper utf8 and Unicode normalization options
set.

This commit fixes the issue by not assuming the behavior from the
current system, but just by blindly checking that either one of the two
aforementioned possibilities happen, whether on Darwin or on Linux.

Additionally, we check that the Unicode normalization behaviour of
nix-store is the same as the host file system.
2024-09-30 16:29:51 +02:00
Bryan Honof
5150a962f5
test(functional/flakes): add dubious-query
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2024-09-30 14:44:06 +02:00
Robert Hensing
c116030605
Merge pull request #11602 from Mic92/macos-test-fix
tests/functional/flakes/run: fix tests in macOS devshell
2024-09-30 13:37:54 +02:00
Robert Hensing
4e31360637
Reference issue in tests/functional/flakes/run.sh 2024-09-30 13:02:51 +02:00
Valentin Gagarin
79138183a9
Merge pull request #11613 from NixOS/nix-fmt-doc
doc/nix fmt: Do not document behavior we do not control
2024-09-29 20:48:43 +02:00
Robert Hensing
8c4842de8c doc/nix fmt: Do not document behavior we do not control
This leads to confusion about what the command does.
E.g. https://github.com/NixOS/nix/issues/9359

- Move the description up

- Remove details about the individual formatters
2024-09-29 19:53:36 +02:00
Jörg Thalheim
410853ddcf tests/nixos/fetchurl: drop unused variables 2024-09-28 17:08:18 +02:00
Puck Meerburg
c1ecf0bee9 fix passing CA files into builtins:fetchurl sandbox
This patch has been manually adapted from
14dc84ed03

Tested with:

$ NIX_SSL_CERT_FILE=$(nix-build '<nixpkgs>' -A cacert)/etc/ssl/certs/ca-bundle.crt nix-build --store $(mktemp -d) -E 'import <nix/fetchurl.nix> { url = https://google.com; }'
Finished at 16:57:50 after 1s
warning: found empty hash, assuming 'sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='
this derivation will be built:
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
  /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
google.com> building '/nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv'
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
google.com> error:
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
google.com>        … writing file '/nix/store/0zynn4n8yx59bczy1mgh1lq2rnprvvrc-google.com'
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
google.com>
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
google.com>        error: unable to download 'https://google.com': Problem with the SSL CA cert (path? access rights?) (77) error setting certificate file: /nix/store/nlgbippbbgn38hynjkp1ghiybcq1dqhx-nss-cacert-3.101.1/etc/ssl/certs/ca-bundle.crt
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
error: builder for '/nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv' failed with exit code 1

Now returns:

nix-env % NIX_SSL_CERT_FILE=$(nix-build '<nixpkgs>' -A cacert)/etc/ssl/certs/ca-bundle.crt nix-build --store $(mktemp -d) -E 'import <nix/fetchurl.nix> { url = https://google.com; }'
Finished at 17:05:48 after 0s
warning: found empty hash, assuming 'sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='
this derivation will be built:
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
  /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
google.com> building '/nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv'
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
error: hash mismatch in fixed-output derivation '/nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv':
         specified: sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
2024-09-28 17:08:16 +02:00
Jörg Thalheim
3b0c5ab835 tests/functional/flakes/run: fix tests in macOS devshell
same fix as in 04a47e93f6
2024-09-27 11:07:50 +02:00
Eelco Dolstra
062b4a489e
Merge pull request #11585 from NixOS/verify-tls
builtin:fetchurl: Enable TLS verification
2024-09-25 23:52:25 +02:00
Eelco Dolstra
f2f47fa725 Add a test for builtin:fetchurl cert verification 2024-09-24 16:13:28 +02:00
John Ericson
2b6b03d8df Ensure error messages don't leak private key
Since #8766, invalid base64 is rendered in errors, but we don't actually
want to show this in the case of an invalid private keys.

Co-Authored-By: Eelco Dolstra <edolstra@gmail.com>
2024-09-23 16:36:48 -04:00
Ryan Hendrickson
da332d678e libexpr: deprecate the bogus "or"-as-variable
As a prelude to making "or" work like a normal variable, emit a warning
any time the "fn or" production is used in a context that will change
how it is parsed when that production is refactored.

In detail: in the future, OR_KW will be moved to expr_simple, and the
cursed ExprCall production that is currently part of the expr_select
nonterminal will be generated "normally" in expr_app instead. Any
productions that accept an expr_select will be affected, except for the
expr_app nonterminal itself (because, while expr_app has a production
accepting a bare expr_select, its other production will continue to
accept "fn or" expressions). So all we need to do is emit an appropriate
warning when an expr_simple representing a cursed ExprCall is accepted
in one of those productions without first going through expr_app.

As the warning message describes, users can suppress the warning by
wrapping their problematic "fn or" expressions in parentheses. For
example, "f g or" can be made future-proof by rewriting it as
"f (g or)"; similarly "[ x y or ]" can be rewritten as "[ x (y or) ]",
etc. The parentheses preserve the current grouping behavior, as in the
future "f g or" will be parsed as "(f g) or", just like
"f g anything-else" is grouped. (Mechanically, this suppresses the
warning because the problem ExprCalls go through the
"expr_app : expr_select" production, which resets the cursed status on
the ExprCall.)
2024-09-20 15:57:36 -04:00
Robert Hensing
c75907e47b Revert "tests.installer: Load profile with -o unset"
I must have made a mistake while testing this, because nounset does
not work on any of the distributions.

This reverts commit 2f0db04da0.
2024-09-18 23:06:01 +02:00
Eelco Dolstra
59acf3b75c
Merge pull request #11532 from Mic92/macos-test-fix
tests/functional/shell: fix test in macOS devshell
2024-09-18 21:43:49 +02:00
Eelco Dolstra
96ee5450d9
Merge pull request #11529 from DeterminateSystems/test-ifd-in-chroot
Test IFD/filterSource in chroot stores
2024-09-18 21:20:04 +02:00
Jörg Thalheim
04a47e93f6 tests/functional/shell: fix test in macOS devshell 2024-09-18 20:51:15 +02:00
Eelco Dolstra
a673084733 Fix tests 2024-09-18 19:06:48 +02:00
Eelco Dolstra
d772a8b3dc shellcheck 2024-09-18 18:05:08 +02:00
Nikodem Rabuliński
8105307f0f Always initialize curl in parent process on darwin
Because of an objc quirk[1], calling curl_global_init for the first time
after fork() will always result in a crash.
Up until now the solution has been to set
OBJC_DISABLE_INITIALIZE_FORK_SAFETY for every nix process to ignore
that error.
This is less than ideal because we were setting it in package.nix,
which meant that running nix tests locally would fail because
that variable was not set.
Instead of working around that error we address it at the core -
by calling curl_global_init inside initLibStore, which should mean
curl will already have been initialized by the time we try to do so in
a forked process.

[1] 01edf1705f/runtime/objc-initialize.mm (L614-L636)

(cherry-picked and adapted from c7d97802e4)
2024-09-18 14:29:26 +02:00
Eelco Dolstra
8690b6f138 Test IFD/filterSource in a chroot
Relevant to #11503.
2024-09-18 12:42:20 +02:00
Jörg Thalheim
a20659f4fa unitests: fix tmpdir when running with meson on macOS 2024-09-17 19:15:01 +02:00
Jörg Thalheim
98db531df2 libstore-support: check that we can create the store 2024-09-17 18:46:50 +02:00