aboutsummaryrefslogtreecommitdiff
path: root/tests/hermetic.nix
diff options
context:
space:
mode:
authorJohn Ericson <John.Ericson@Obsidian.Systems>2023-05-15 17:41:51 -0400
committerJohn Ericson <John.Ericson@Obsidian.Systems>2023-05-15 17:41:51 -0400
commitd8ef0c949523324615b66059b3d48c4c445f478b (patch)
tree01ac4fe1143a548a1daae6bc50a681fa64a4c53d /tests/hermetic.nix
parent746c6aae3f4a2f80c730575bd6eca370efe58f2e (diff)
Add some tests for `drop-supplementary-groups`
Diffstat (limited to 'tests/hermetic.nix')
-rw-r--r--tests/hermetic.nix56
1 files changed, 56 insertions, 0 deletions
diff --git a/tests/hermetic.nix b/tests/hermetic.nix
new file mode 100644
index 000000000..4c9d7a51f
--- /dev/null
+++ b/tests/hermetic.nix
@@ -0,0 +1,56 @@
+{ busybox, seed }:
+
+with import ./config.nix;
+
+let
+ contentAddressedByDefault = builtins.getEnv "NIX_TESTS_CA_BY_DEFAULT" == "1";
+ caArgs = if contentAddressedByDefault then {
+ __contentAddressed = true;
+ outputHashMode = "recursive";
+ outputHashAlgo = "sha256";
+ } else {};
+
+ mkDerivation = args:
+ derivation ({
+ inherit system;
+ builder = busybox;
+ args = ["sh" "-e" args.builder or (builtins.toFile "builder-${args.name}.sh" "if [ -e .attrs.sh ]; then source .attrs.sh; fi; eval \"$buildCommand\"")];
+ } // removeAttrs args ["builder" "meta" "passthru"]
+ // caArgs)
+ // { meta = args.meta or {}; passthru = args.passthru or {}; };
+
+ input1 = mkDerivation {
+ shell = busybox;
+ name = "hermetic-input-1";
+ buildCommand = "echo hi-input1 seed=${toString seed}; echo FOO > $out";
+ };
+
+ input2 = mkDerivation {
+ shell = busybox;
+ name = "hermetic-input-2";
+ buildCommand = "echo hi; echo BAR > $out";
+ };
+
+ input3 = mkDerivation {
+ shell = busybox;
+ name = "hermetic-input-3";
+ buildCommand = ''
+ echo hi-input3
+ read x < ${input2}
+ echo $x BAZ > $out
+ '';
+ };
+
+in
+
+ mkDerivation {
+ shell = busybox;
+ name = "hermetic";
+ passthru = { inherit input1 input2 input3; };
+ buildCommand =
+ ''
+ read x < ${input1}
+ read y < ${input3}
+ echo "$x $y" > $out
+ '';
+ }