aboutsummaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorJohn Ericson <John.Ericson@Obsidian.Systems>2021-04-27 19:06:58 +0000
committerJohn Ericson <John.Ericson@Obsidian.Systems>2021-04-27 19:06:58 +0000
commite023c985d58094041e74ff59a51757bc75687ca7 (patch)
tree8865872040ac8752c8349b73fa71b82e80dc2584 /tests
parentd3cfc14e3a370116e5715d5de5f64ed34dd2f912 (diff)
parent906adadacd2d1c98346a2f42c0b42a32d2806d94 (diff)
Merge remote-tracking branch 'upstream/master' into auto-uid-allocation
Diffstat (limited to 'tests')
-rw-r--r--tests/binary-cache-build-remote.sh16
-rw-r--r--tests/binary-cache.sh68
-rw-r--r--tests/brotli.sh4
-rw-r--r--tests/build-hook-ca-fixed.nix56
-rw-r--r--tests/build-hook-ca-floating.nix (renamed from tests/build-hook-ca.nix)16
-rw-r--r--tests/build-remote-content-addressed-fixed.sh2
-rw-r--r--tests/build-remote-content-addressed-floating.sh7
-rw-r--r--tests/build-remote-input-addressed.sh28
-rw-r--r--tests/build-remote.sh3
-rw-r--r--tests/build.sh12
-rw-r--r--tests/ca/build.sh69
-rw-r--r--tests/ca/common.sh1
-rw-r--r--tests/ca/content-addressed.nix (renamed from tests/content-addressed.nix)33
-rwxr-xr-xtests/ca/nix-copy.sh34
-rw-r--r--tests/ca/signatures.sh39
-rw-r--r--tests/ca/substitute.sh24
-rw-r--r--tests/common.sh.in12
-rw-r--r--tests/compute-levels.sh7
-rw-r--r--tests/config.sh45
-rw-r--r--tests/content-addressed.sh27
-rw-r--r--tests/db-migration.sh26
-rw-r--r--tests/fetchGit.sh25
-rw-r--r--tests/fetchMercurial.sh3
-rw-r--r--tests/fetchurl.sh22
-rw-r--r--tests/flakes.sh78
-rw-r--r--tests/gc-auto.sh6
-rw-r--r--tests/github-flakes.nix46
-rw-r--r--tests/hash.sh10
-rw-r--r--tests/init.sh2
-rw-r--r--tests/lang/eval-okay-search-path.nix5
-rw-r--r--tests/linux-sandbox.sh4
-rw-r--r--tests/local.mk15
-rw-r--r--tests/misc.sh4
-rw-r--r--tests/multiple-outputs.sh2
-rw-r--r--tests/nar-access.sh26
-rw-r--r--tests/nix-build-examples.nix33
-rw-r--r--tests/nix-build.sh15
-rw-r--r--tests/nix-copy-closure.nix80
-rw-r--r--tests/nix-shell.sh24
-rw-r--r--tests/plugins.sh2
-rw-r--r--tests/pure-eval.sh10
-rwxr-xr-xtests/push-to-store.sh6
-rw-r--r--tests/recursive.sh4
-rw-r--r--tests/remote-builds.nix85
-rw-r--r--tests/remote-store.sh18
-rw-r--r--tests/setuid.nix198
-rw-r--r--tests/shell.nix2
-rw-r--r--tests/signing.sh48
-rw-r--r--tests/ssh-relay.sh2
-rw-r--r--tests/tarball.sh2
50 files changed, 937 insertions, 369 deletions
diff --git a/tests/binary-cache-build-remote.sh b/tests/binary-cache-build-remote.sh
new file mode 100644
index 000000000..81cd21a4a
--- /dev/null
+++ b/tests/binary-cache-build-remote.sh
@@ -0,0 +1,16 @@
+source common.sh
+
+clearStore
+clearCacheCache
+
+# Fails without remote builders
+(! nix-build --store "file://$cacheDir" dependencies.nix)
+
+# Succeeds with default store as build remote.
+outPath=$(nix-build --store "file://$cacheDir" --builders 'auto - - 1 1' -j0 dependencies.nix)
+
+# Test that the path exactly exists in the destination store.
+nix path-info --store "file://$cacheDir" $outPath
+
+# Succeeds without any build capability because no-op
+nix-build --store "file://$cacheDir" -j0 dependencies.nix
diff --git a/tests/binary-cache.sh b/tests/binary-cache.sh
index fe4ddec8d..6697ce236 100644
--- a/tests/binary-cache.sh
+++ b/tests/binary-cache.sh
@@ -1,15 +1,20 @@
source common.sh
+# We can produce drvs directly into the binary cache
clearStore
-clearCache
+clearCacheCache
+nix-instantiate --store "file://$cacheDir" dependencies.nix
# Create the binary cache.
+clearStore
+clearCache
outPath=$(nix-build dependencies.nix --no-out-link)
nix copy --to file://$cacheDir $outPath
-basicTests() {
+basicDownloadTests() {
+ # No uploading tests bcause upload with force HTTP doesn't work.
# By default, a binary cache doesn't support "nix-env -qas", but does
# support installation.
@@ -44,12 +49,12 @@ basicTests() {
# Test LocalBinaryCacheStore.
-basicTests
+basicDownloadTests
# Test HttpBinaryCacheStore.
export _NIX_FORCE_HTTP=1
-basicTests
+basicDownloadTests
# Test whether Nix notices if the NAR doesn't match the hash in the NAR info.
@@ -125,20 +130,18 @@ grep -q "copying path.*input-0" $TEST_ROOT/log
grep -q "copying path.*top" $TEST_ROOT/log
-if [ -n "$HAVE_SODIUM" ]; then
-
# Create a signed binary cache.
clearCache
clearCacheCache
-declare -a res=($(nix-store --generate-binary-cache-key test.nixos.org-1 $TEST_ROOT/sk1 $TEST_ROOT/pk1 ))
-publicKey="$(cat $TEST_ROOT/pk1)"
+nix key generate-secret --key-name test.nixos.org-1 > $TEST_ROOT/sk1
+publicKey=$(nix key convert-secret-to-public < $TEST_ROOT/sk1)
-res=($(nix-store --generate-binary-cache-key test.nixos.org-1 $TEST_ROOT/sk2 $TEST_ROOT/pk2))
-badKey="$(cat $TEST_ROOT/pk2)"
+nix key generate-secret --key-name test.nixos.org-1 > $TEST_ROOT/sk2
+badKey=$(nix key convert-secret-to-public < $TEST_ROOT/sk2)
-res=($(nix-store --generate-binary-cache-key foo.nixos.org-1 $TEST_ROOT/sk3 $TEST_ROOT/pk3))
-otherKey="$(cat $TEST_ROOT/pk3)"
+nix key generate-secret --key-name foo.nixos.org-1 > $TEST_ROOT/sk3
+otherKey=$(nix key convert-secret-to-public < $TEST_ROOT/sk3)
_NIX_FORCE_HTTP= nix copy --to file://$cacheDir?secret-key=$TEST_ROOT/sk1 $outPath
@@ -181,14 +184,12 @@ clearCacheCache
nix-store -r $outPath --substituters "file://$cacheDir2 file://$cacheDir" --trusted-public-keys "$publicKey"
-fi # HAVE_LIBSODIUM
-
unset _NIX_FORCE_HTTP
# Test 'nix verify --all' on a binary cache.
-nix verify -vvvvv --all --store file://$cacheDir --no-trust
+nix store verify -vvvvv --all --store file://$cacheDir --no-trust
# Test local NAR caching.
@@ -196,13 +197,13 @@ narCache=$TEST_ROOT/nar-cache
rm -rf $narCache
mkdir $narCache
-[[ $(nix cat-store --store "file://$cacheDir?local-nar-cache=$narCache" $outPath/foobar) = FOOBAR ]]
+[[ $(nix store cat --store "file://$cacheDir?local-nar-cache=$narCache" $outPath/foobar) = FOOBAR ]]
rm -rfv "$cacheDir/nar"
-[[ $(nix cat-store --store "file://$cacheDir?local-nar-cache=$narCache" $outPath/foobar) = FOOBAR ]]
+[[ $(nix store cat --store "file://$cacheDir?local-nar-cache=$narCache" $outPath/foobar) = FOOBAR ]]
-(! nix cat-store --store file://$cacheDir $outPath/foobar)
+(! nix store cat --store file://$cacheDir $outPath/foobar)
# Test NAR listing generation.
@@ -239,3 +240,34 @@ nix copy --to "file://$cacheDir?index-debug-info=1&compression=none" $outPath
diff -u \
<(cat $cacheDir/debuginfo/02623eda209c26a59b1a8638ff7752f6b945c26b.debug | jq -S) \
<(echo '{"archive":"../nar/100vxs724qr46phz8m24iswmg9p3785hsyagz0kchf6q6gf06sw6.nar","member":"lib/debug/.build-id/02/623eda209c26a59b1a8638ff7752f6b945c26b.debug"}' | jq -S)
+
+# Test against issue https://github.com/NixOS/nix/issues/3964
+#
+expr='
+ with import ./config.nix;
+ mkDerivation {
+ name = "multi-output";
+ buildCommand = "mkdir -p $out; echo foo > $doc; echo $doc > $out/docref";
+ outputs = ["out" "doc"];
+ }
+'
+outPath=$(nix-build --no-out-link -E "$expr")
+docPath=$(nix-store -q --references $outPath)
+
+# $ nix-store -q --tree $outPath
+# ...-multi-output
+# +---...-multi-output-doc
+
+nix copy --to "file://$cacheDir" $outPath
+
+hashpart() {
+ basename "$1" | cut -c1-32
+}
+
+# break the closure of out by removing doc
+rm $cacheDir/$(hashpart $docPath).narinfo
+
+nix-store --delete $outPath $docPath
+# -vvv is the level that logs during the loop
+timeout 60 nix-build --no-out-link -E "$expr" --option substituters "file://$cacheDir" \
+ --option trusted-binary-caches "file://$cacheDir" --no-require-sigs
diff --git a/tests/brotli.sh b/tests/brotli.sh
index a3c6e55a8..dc9bbdb66 100644
--- a/tests/brotli.sh
+++ b/tests/brotli.sh
@@ -9,13 +9,13 @@ outPath=$(nix-build dependencies.nix --no-out-link)
nix copy --to $cacheURI $outPath
-HASH=$(nix hash-path $outPath)
+HASH=$(nix hash path $outPath)
clearStore
clearCacheCache
nix copy --from $cacheURI $outPath --no-check-sigs
-HASH2=$(nix hash-path $outPath)
+HASH2=$(nix hash path $outPath)
[[ $HASH = $HASH2 ]]
diff --git a/tests/build-hook-ca-fixed.nix b/tests/build-hook-ca-fixed.nix
new file mode 100644
index 000000000..ec7171ac9
--- /dev/null
+++ b/tests/build-hook-ca-fixed.nix
@@ -0,0 +1,56 @@
+{ busybox }:
+
+with import ./config.nix;
+
+let
+
+ mkDerivation = args:
+ derivation ({
+ inherit system;
+ builder = busybox;
+ args = ["sh" "-e" args.builder or (builtins.toFile "builder-${args.name}.sh" "if [ -e .attrs.sh ]; then source .attrs.sh; fi; eval \"$buildCommand\"")];
+ outputHashMode = "recursive";
+ outputHashAlgo = "sha256";
+ } // removeAttrs args ["builder" "meta"])
+ // { meta = args.meta or {}; };
+
+ input1 = mkDerivation {
+ shell = busybox;
+ name = "build-remote-input-1";
+ buildCommand = "echo FOO > $out";
+ requiredSystemFeatures = ["foo"];
+ outputHash = "sha256-FePFYIlMuycIXPZbWi7LGEiMmZSX9FMbaQenWBzm1Sc=";
+ };
+
+ input2 = mkDerivation {
+ shell = busybox;
+ name = "build-remote-input-2";
+ buildCommand = "echo BAR > $out";
+ requiredSystemFeatures = ["bar"];
+ outputHash = "sha256-XArauVH91AVwP9hBBQNlkX9ccuPpSYx9o0zeIHb6e+Q=";
+ };
+
+ input3 = mkDerivation {
+ shell = busybox;
+ name = "build-remote-input-3";
+ buildCommand = ''
+ read x < ${input2}
+ echo $x BAZ > $out
+ '';
+ requiredSystemFeatures = ["baz"];
+ outputHash = "sha256-daKAcPp/+BYMQsVi/YYMlCKoNAxCNDsaivwSHgQqD2s=";
+ };
+
+in
+
+ mkDerivation {
+ shell = busybox;
+ name = "build-remote";
+ buildCommand =
+ ''
+ read x < ${input1}
+ read y < ${input3}
+ echo "$x $y" > $out
+ '';
+ outputHash = "sha256-5SxbkUw6xe2l9TE1uwCvTtTDysD1vhRor38OtDF0LqQ=";
+ }
diff --git a/tests/build-hook-ca.nix b/tests/build-hook-ca-floating.nix
index 98db473fc..67295985f 100644
--- a/tests/build-hook-ca.nix
+++ b/tests/build-hook-ca-floating.nix
@@ -11,6 +11,7 @@ let
args = ["sh" "-e" args.builder or (builtins.toFile "builder-${args.name}.sh" "if [ -e .attrs.sh ]; then source .attrs.sh; fi; eval \"$buildCommand\"")];
outputHashMode = "recursive";
outputHashAlgo = "sha256";
+ __contentAddressed = true;
} // removeAttrs args ["builder" "meta"])
// { meta = args.meta or {}; };
@@ -19,7 +20,6 @@ let
name = "build-remote-input-1";
buildCommand = "echo FOO > $out";
requiredSystemFeatures = ["foo"];
- outputHash = "sha256-FePFYIlMuycIXPZbWi7LGEiMmZSX9FMbaQenWBzm1Sc=";
};
input2 = mkDerivation {
@@ -27,7 +27,16 @@ let
name = "build-remote-input-2";
buildCommand = "echo BAR > $out";
requiredSystemFeatures = ["bar"];
- outputHash = "sha256-XArauVH91AVwP9hBBQNlkX9ccuPpSYx9o0zeIHb6e+Q=";
+ };
+
+ input3 = mkDerivation {
+ shell = busybox;
+ name = "build-remote-input-3";
+ buildCommand = ''
+ read x < ${input2}
+ echo $x BAZ > $out
+ '';
+ requiredSystemFeatures = ["baz"];
};
in
@@ -38,8 +47,7 @@ in
buildCommand =
''
read x < ${input1}
- read y < ${input2}
+ read y < ${input3}
echo "$x $y" > $out
'';
- outputHash = "sha256-3YGhlOfbGUm9hiPn2teXXTT8M1NEpDFvfXkxMaJRld0=";
}
diff --git a/tests/build-remote-content-addressed-fixed.sh b/tests/build-remote-content-addressed-fixed.sh
index 1408a19d5..ae7441591 100644
--- a/tests/build-remote-content-addressed-fixed.sh
+++ b/tests/build-remote-content-addressed-fixed.sh
@@ -1,5 +1,5 @@
source common.sh
-file=build-hook-ca.nix
+file=build-hook-ca-fixed.nix
source build-remote.sh
diff --git a/tests/build-remote-content-addressed-floating.sh b/tests/build-remote-content-addressed-floating.sh
new file mode 100644
index 000000000..7447d92bd
--- /dev/null
+++ b/tests/build-remote-content-addressed-floating.sh
@@ -0,0 +1,7 @@
+source common.sh
+
+file=build-hook-ca-floating.nix
+
+sed -i 's/experimental-features .*/& ca-derivations/' "$NIX_CONF_DIR"/nix.conf
+
+source build-remote.sh
diff --git a/tests/build-remote-input-addressed.sh b/tests/build-remote-input-addressed.sh
index b34caa061..49d15c389 100644
--- a/tests/build-remote-input-addressed.sh
+++ b/tests/build-remote-input-addressed.sh
@@ -3,3 +3,31 @@ source common.sh
file=build-hook.nix
source build-remote.sh
+
+# Add a `post-build-hook` option to the nix conf.
+# This hook will be executed both for the local machine and the remote builders
+# (because they share the same config).
+registerBuildHook () {
+ # Dummy post-build-hook just to ensure that it's executed correctly.
+ # (we can't reuse the one from `$PWD/push-to-store.sh` because of
+ # https://github.com/NixOS/nix/issues/4341)
+ cat <<EOF > $TEST_ROOT/post-build-hook.sh
+#!/bin/sh
+
+echo "Post hook ran successfully"
+# Add an empty line to a counter file, just to check that this hook ran properly
+echo "" >> $TEST_ROOT/post-hook-counter
+EOF
+ chmod +x $TEST_ROOT/post-build-hook.sh
+ rm -f $TEST_ROOT/post-hook-counter
+
+ echo "post-build-hook = $TEST_ROOT/post-build-hook.sh" >> $NIX_CONF_DIR/nix.conf
+}
+
+registerBuildHook
+source build-remote.sh
+
+# `build-hook.nix` has four derivations to build, and the hook runs twice for
+# each derivation (once on the builder and once on the host), so the counter
+# should contain eight lines now
+[[ $(cat $TEST_ROOT/post-hook-counter | wc -l) -eq 8 ]]
diff --git a/tests/build-remote.sh b/tests/build-remote.sh
index ca6d1de09..04848e4b5 100644
--- a/tests/build-remote.sh
+++ b/tests/build-remote.sh
@@ -14,6 +14,9 @@ builders=(
"ssh-ng://localhost?remote-store=$TEST_ROOT/machine3?system-features=baz - - 1 1 baz"
)
+chmod -R +w $TEST_ROOT/machine* || true
+rm -rf $TEST_ROOT/machine* || true
+
# Note: ssh://localhost bypasses ssh, directly invoking nix-store as a
# child process. This allows us to test LegacySSHStore::buildDerivation().
# ssh-ng://... likewise allows us to test RemoteStore::buildDerivation().
diff --git a/tests/build.sh b/tests/build.sh
new file mode 100644
index 000000000..aa54b88eb
--- /dev/null
+++ b/tests/build.sh
@@ -0,0 +1,12 @@
+source common.sh
+
+expectedJSONRegex='\[\{"drvPath":".*multiple-outputs-a.drv","outputs":\{"first":".*multiple-outputs-a-first","second":".*multiple-outputs-a-second"}},\{"drvPath":".*multiple-outputs-b.drv","outputs":\{"out":".*multiple-outputs-b"}}]'
+nix build -f multiple-outputs.nix --json a.all b.all | jq --exit-status '
+ (.[0] |
+ (.drvPath | match(".*multiple-outputs-a.drv")) and
+ (.outputs.first | match(".*multiple-outputs-a-first")) and
+ (.outputs.second | match(".*multiple-outputs-a-second")))
+ and (.[1] |
+ (.drvPath | match(".*multiple-outputs-b.drv")) and
+ (.outputs.out | match(".*multiple-outputs-b")))
+'
diff --git a/tests/ca/build.sh b/tests/ca/build.sh
new file mode 100644
index 000000000..35bf1dcf7
--- /dev/null
+++ b/tests/ca/build.sh
@@ -0,0 +1,69 @@
+#!/usr/bin/env bash
+
+source common.sh
+
+drv=$(nix-instantiate --experimental-features ca-derivations ./content-addressed.nix -A rootCA --arg seed 1)
+nix --experimental-features 'nix-command ca-derivations' show-derivation --derivation "$drv" --arg seed 1
+
+buildAttr () {
+ local derivationPath=$1
+ local seedValue=$2
+ shift; shift
+ local args=("--experimental-features" "ca-derivations" "./content-addressed.nix" "-A" "$derivationPath" --arg seed "$seedValue" "--no-out-link")
+ args+=("$@")
+ nix-build "${args[@]}"
+}
+
+testRemoteCache () {
+ clearCache
+ local outPath=$(buildAttr dependentNonCA 1)
+ nix copy --to file://$cacheDir $outPath
+ clearStore
+ buildAttr dependentNonCA 1 --option substituters file://$cacheDir --no-require-sigs |& (! grep "building dependent-non-ca")
+}
+
+testDeterministicCA () {
+ [[ $(buildAttr rootCA 1) = $(buildAttr rootCA 2) ]]
+}
+
+testCutoffFor () {
+ local out1 out2
+ out1=$(buildAttr $1 1)
+ # The seed only changes the root derivation, and not it's output, so the
+ # dependent derivations should only need to be built once.
+ buildAttr rootCA 2
+ out2=$(buildAttr $1 2 -j0)
+ test "$out1" == "$out2"
+}
+
+testCutoff () {
+ # Don't directly build depenentCA, that way we'll make sure we dodn't rely on
+ # dependent derivations always being already built.
+ #testDerivation dependentCA
+ testCutoffFor transitivelyDependentCA
+ testCutoffFor dependentNonCA
+ testCutoffFor dependentFixedOutput
+}
+
+testGC () {
+ nix-instantiate --experimental-features ca-derivations ./content-addressed.nix -A rootCA --arg seed 5
+ nix-collect-garbage --experimental-features ca-derivations --option keep-derivations true
+ clearStore
+ buildAttr rootCA 1 --out-link $TEST_ROOT/rootCA
+ nix-collect-garbage --experimental-features ca-derivations
+ buildAttr rootCA 1 -j0
+}
+
+testNixCommand () {
+ clearStore
+ nix build --experimental-features 'nix-command ca-derivations' --file ./content-addressed.nix --no-link
+}
+
+# Disabled until we have it properly working
+# testRemoteCache
+clearStore
+testDeterministicCA
+clearStore
+testCutoff
+testGC
+testNixCommand
diff --git a/tests/ca/common.sh b/tests/ca/common.sh
new file mode 100644
index 000000000..e083d873c
--- /dev/null
+++ b/tests/ca/common.sh
@@ -0,0 +1 @@
+source ../common.sh
diff --git a/tests/content-addressed.nix b/tests/ca/content-addressed.nix
index 3dcf916c3..e5b1c4de3 100644
--- a/tests/content-addressed.nix
+++ b/tests/ca/content-addressed.nix
@@ -1,4 +1,4 @@
-with import ./config.nix;
+with import ../config.nix;
{ seed ? 0 }:
# A simple content-addressed derivation.
@@ -15,15 +15,17 @@ rec {
'';
};
rootCA = mkDerivation {
- name = "dependent";
- outputs = [ "out" "dev" ];
+ name = "rootCA";
+ outputs = [ "out" "dev" "foo"];
buildCommand = ''
echo "building a CA derivation"
echo "The seed is ${toString seed}"
mkdir -p $out
echo ${rootLegacy}/hello > $out/dep
- # test symlink at root
+ ln -s $out $out/self
+ # test symlinks at root
ln -s $out $dev
+ ln -s $out $foo
'';
__contentAddressed = true;
outputHashMode = "recursive";
@@ -34,7 +36,8 @@ rec {
buildCommand = ''
echo "building a dependent derivation"
mkdir -p $out
- echo ${rootCA}/hello > $out/dep
+ cat ${rootCA}/self/dep
+ echo ${rootCA}/self/dep > $out/dep
'';
__contentAddressed = true;
outputHashMode = "recursive";
@@ -51,4 +54,24 @@ rec {
outputHashMode = "recursive";
outputHashAlgo = "sha256";
};
+ dependentNonCA = mkDerivation {
+ name = "dependent-non-ca";
+ buildCommand = ''
+ echo "Didn't cut-off"
+ echo "building dependent-non-ca"
+ mkdir -p $out
+ echo ${rootCA}/non-ca-hello > $out/dep
+ '';
+ };
+ dependentFixedOutput = mkDerivation {
+ name = "dependent-fixed-output";
+ outputHashMode = "recursive";
+ outputHashAlgo = "sha256";
+ outputHash = "sha256-QvtAMbUl/uvi+LCObmqOhvNOapHdA2raiI4xG5zI5pA=";
+ buildCommand = ''
+ cat ${dependentCA}/dep
+ echo foo > $out
+ '';
+
+ };
}
diff --git a/tests/ca/nix-copy.sh b/tests/ca/nix-copy.sh
new file mode 100755
index 000000000..2e0dea2d2
--- /dev/null
+++ b/tests/ca/nix-copy.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+source common.sh
+
+# Globally enable the ca derivations experimental flag
+sed -i 's/experimental-features = .*/& ca-derivations ca-references/' "$NIX_CONF_DIR/nix.conf"
+
+export REMOTE_STORE_DIR="$TEST_ROOT/remote_store"
+export REMOTE_STORE="file://$REMOTE_STORE_DIR"
+
+ensureCorrectlyCopied () {
+ attrPath="$1"
+ nix build --store "$REMOTE_STORE" --file ./content-addressed.nix "$attrPath"
+}
+
+testOneCopy () {
+ clearStore
+ rm -rf "$REMOTE_STORE_DIR"
+
+ attrPath="$1"
+ nix copy --to $REMOTE_STORE "$attrPath" --file ./content-addressed.nix
+
+ ensureCorrectlyCopied "$attrPath"
+
+ # Ensure that we can copy back what we put in the store
+ clearStore
+ nix copy --from $REMOTE_STORE \
+ --file ./content-addressed.nix "$attrPath" \
+ --no-check-sigs
+}
+
+for attrPath in rootCA dependentCA transitivelyDependentCA dependentNonCA dependentFixedOutput; do
+ testOneCopy "$attrPath"
+done
diff --git a/tests/ca/signatures.sh b/tests/ca/signatures.sh
new file mode 100644
index 000000000..4b4e468f7
--- /dev/null
+++ b/tests/ca/signatures.sh
@@ -0,0 +1,39 @@
+source common.sh
+
+# Globally enable the ca derivations experimental flag
+sed -i 's/experimental-features = .*/& ca-derivations ca-references/' "$NIX_CONF_DIR/nix.conf"
+
+clearStore
+clearCache
+
+nix-store --generate-binary-cache-key cache1.example.org $TEST_ROOT/sk1 $TEST_ROOT/pk1
+pk1=$(cat $TEST_ROOT/pk1)
+
+export REMOTE_STORE_DIR="$TEST_ROOT/remote_store"
+export REMOTE_STORE="file://$REMOTE_STORE_DIR"
+
+ensureCorrectlyCopied () {
+ attrPath="$1"
+ nix build --store "$REMOTE_STORE" --file ./content-addressed.nix "$attrPath"
+}
+
+testOneCopy () {
+ clearStore
+ rm -rf "$REMOTE_STORE_DIR"
+
+ attrPath="$1"
+ nix copy --to $REMOTE_STORE "$attrPath" --file ./content-addressed.nix \
+ --secret-key-files "$TEST_ROOT/sk1"
+
+ ensureCorrectlyCopied "$attrPath"
+
+ # Ensure that we can copy back what we put in the store
+ clearStore
+ nix copy --from $REMOTE_STORE \
+ --file ./content-addressed.nix "$attrPath" \
+ --trusted-public-keys $pk1
+}
+
+for attrPath in rootCA dependentCA transitivelyDependentCA dependentNonCA dependentFixedOutput; do
+ testOneCopy "$attrPath"
+done
diff --git a/tests/ca/substitute.sh b/tests/ca/substitute.sh
new file mode 100644
index 000000000..b44fe499a
--- /dev/null
+++ b/tests/ca/substitute.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+# Ensure that binary substitution works properly with ca derivations
+
+source common.sh
+
+sed -i 's/experimental-features .*/& ca-derivations ca-references/' "$NIX_CONF_DIR"/nix.conf
+
+rm -rf $TEST_ROOT/binary_cache
+
+export REMOTE_STORE=file://$TEST_ROOT/binary_cache
+
+buildDrvs () {
+ nix build --file ./content-addressed.nix -L --no-link "$@"
+}
+
+# Populate the remote cache
+clearStore
+buildDrvs --post-build-hook ../push-to-store.sh
+
+# Restart the build on an empty store, ensuring that we don't build
+clearStore
+buildDrvs --substitute --substituters $REMOTE_STORE --no-require-sigs -j0
+
diff --git a/tests/common.sh.in b/tests/common.sh.in
index 5e00d64f1..d31d3fbb8 100644
--- a/tests/common.sh.in
+++ b/tests/common.sh.in
@@ -11,7 +11,7 @@ export NIX_LOCALSTATE_DIR=$TEST_ROOT/var
export NIX_LOG_DIR=$TEST_ROOT/var/log/nix
export NIX_STATE_DIR=$TEST_ROOT/var/nix
export NIX_CONF_DIR=$TEST_ROOT/etc
-export NIX_DAEMON_SOCKET_PATH=$TEST_ROOT/daemon-socket
+export NIX_DAEMON_SOCKET_PATH=$TEST_ROOT/dSocket
unset NIX_USER_CONF_FILES
export _NIX_TEST_SHARED=$TEST_ROOT/shared
if [[ -n $NIX_STORE ]]; then
@@ -29,12 +29,17 @@ unset XDG_CACHE_HOME
mkdir -p $TEST_HOME
export PATH=@bindir@:$PATH
+if [[ -n "${NIX_CLIENT_PACKAGE:-}" ]]; then
+ export PATH="$NIX_CLIENT_PACKAGE/bin":$PATH
+fi
+if [[ -n "${NIX_DAEMON_PACKAGE:-}" ]]; then
+ export NIX_DAEMON_COMMAND="$NIX_DAEMON_PACKAGE/bin/nix-daemon"
+fi
coreutils=@coreutils@
export dot=@dot@
export SHELL="@bash@"
export PAGER=cat
-export HAVE_SODIUM="@HAVE_SODIUM@"
export busybox="@sandbox_shell@"
export version=@PACKAGE_VERSION@
@@ -58,7 +63,6 @@ clearStore() {
mkdir "$NIX_STORE_DIR"
rm -rf "$NIX_STATE_DIR"
mkdir "$NIX_STATE_DIR"
- nix-store --init
clearProfiles
}
@@ -74,7 +78,7 @@ startDaemon() {
# Start the daemon, wait for the socket to appear. !!!
# ‘nix-daemon’ should have an option to fork into the background.
rm -f $NIX_STATE_DIR/daemon-socket/socket
- nix-daemon &
+ ${NIX_DAEMON_COMMAND:-nix daemon} &
for ((i = 0; i < 30; i++)); do
if [ -e $NIX_DAEMON_SOCKET_PATH ]; then break; fi
sleep 1
diff --git a/tests/compute-levels.sh b/tests/compute-levels.sh
new file mode 100644
index 000000000..e4322dfa1
--- /dev/null
+++ b/tests/compute-levels.sh
@@ -0,0 +1,7 @@
+source common.sh
+
+if [[ $(uname -ms) = "Linux x86_64" ]]; then
+ # x86_64 CPUs must always support the baseline
+ # microarchitecture level.
+ nix -vv --version | grep -q "x86_64-v1-linux"
+fi
diff --git a/tests/config.sh b/tests/config.sh
index 8fa349f11..01c78f2c3 100644
--- a/tests/config.sh
+++ b/tests/config.sh
@@ -1,18 +1,53 @@
source common.sh
+# Isolate the home for this test.
+# Other tests (e.g. flake registry tests) could be writing to $HOME in parallel.
+export HOME=$TEST_ROOT/userhome
+
+# Test that using XDG_CONFIG_HOME works
+# Assert the config folder didn't exist initially.
+[ ! -e "$HOME/.config" ]
+# Without XDG_CONFIG_HOME, creates $HOME/.config
+unset XDG_CONFIG_HOME
+# Run against the nix registry to create the config dir
+# (Tip: this relies on removing non-existent entries being a no-op!)
+nix registry remove userhome-without-xdg
+# Verifies it created it
+[ -e "$HOME/.config" ]
+# Remove the directory it created
+rm -rf "$HOME/.config"
+# Run the same test, but with XDG_CONFIG_HOME
+export XDG_CONFIG_HOME=$TEST_ROOT/confighome
+# Assert the XDG_CONFIG_HOME/nix path does not exist yet.
+[ ! -e "$TEST_ROOT/confighome/nix" ]
+nix registry remove userhome-with-xdg
+# Verifies the confighome path has been created
+[ -e "$TEST_ROOT/confighome/nix" ]
+# Assert the .config folder hasn't been created.
+[ ! -e "$HOME/.config" ]
+
# Test that files are loaded from XDG by default
-export XDG_CONFIG_HOME=/tmp/home
-export XDG_CONFIG_DIRS=/tmp/dir1:/tmp/dir2
+export XDG_CONFIG_HOME=$TEST_ROOT/confighome
+export XDG_CONFIG_DIRS=$TEST_ROOT/dir1:$TEST_ROOT/dir2
files=$(nix-build --verbose --version | grep "User config" | cut -d ':' -f2- | xargs)
-[[ $files == "/tmp/home/nix/nix.conf:/tmp/dir1/nix/nix.conf:/tmp/dir2/nix/nix.conf" ]]
+[[ $files == "$TEST_ROOT/confighome/nix/nix.conf:$TEST_ROOT/dir1/nix/nix.conf:$TEST_ROOT/dir2/nix/nix.conf" ]]
# Test that setting NIX_USER_CONF_FILES overrides all the default user config files
-export NIX_USER_CONF_FILES=/tmp/file1.conf:/tmp/file2.conf
+export NIX_USER_CONF_FILES=$TEST_ROOT/file1.conf:$TEST_ROOT/file2.conf
files=$(nix-build --verbose --version | grep "User config" | cut -d ':' -f2- | xargs)
-[[ $files == "/tmp/file1.conf:/tmp/file2.conf" ]]
+[[ $files == "$TEST_ROOT/file1.conf:$TEST_ROOT/file2.conf" ]]
# Test that it's possible to load the config from a custom location
here=$(readlink -f "$(dirname "${BASH_SOURCE[0]}")")
export NIX_USER_CONF_FILES=$here/config/nix-with-substituters.conf
var=$(nix show-config | grep '^substituters =' | cut -d '=' -f 2 | xargs)
[[ $var == https://example.com ]]
+
+# Test that it's possible to load config from the environment
+prev=$(nix show-config | grep '^cores' | cut -d '=' -f 2 | xargs)
+export NIX_CONFIG="cores = 4242"$'\n'"experimental-features = nix-command flakes"
+exp_cores=$(nix show-config | grep '^cores' | cut -d '=' -f 2 | xargs)
+exp_features=$(nix show-config | grep '^experimental-features' | cut -d '=' -f 2 | xargs)
+[[ $prev != $exp_cores ]]
+[[ $exp_cores == "4242" ]]
+[[ $exp_features == "nix-command flakes" ]]
diff --git a/tests/content-addressed.sh b/tests/content-addressed.sh
deleted file mode 100644
index 61ec03fe3..000000000
--- a/tests/content-addressed.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-source common.sh
-
-drv=$(nix-instantiate --experimental-features ca-derivations ./content-addressed.nix -A rootCA --arg seed 1)
-nix --experimental-features 'nix-command ca-derivations' show-derivation --derivation "$drv" --arg seed 1
-
-testDerivation () {
- local derivationPath=$1
- local commonArgs=("--experimental-features" "ca-derivations" "./content-addressed.nix" "-A" "$derivationPath" "--no-out-link")
- local out1 out2
- out1=$(nix-build "${commonArgs[@]}" --arg seed 1)
- out2=$(nix-build "${commonArgs[@]}" --arg seed 2 "${secondSeedArgs[@]}")
- test "$out1" == "$out2"
-}
-
-testDerivation rootCA
-# The seed only changes the root derivation, and not it's output, so the
-# dependent derivations should only need to be built once.
-secondSeedArgs=(-j0)
-# Don't directly build depenentCA, that way we'll make sure we dodn't rely on
-# dependent derivations always being already built.
-#testDerivation dependentCA
-testDerivation transitivelyDependentCA
-
-nix-instantiate --experimental-features ca-derivations ./content-addressed.nix -A rootCA --arg seed 5
-nix-collect-garbage --experimental-features ca-derivations --option keep-derivations true
diff --git a/tests/db-migration.sh b/tests/db-migration.sh
new file mode 100644
index 000000000..e0ff7d311
--- /dev/null
+++ b/tests/db-migration.sh
@@ -0,0 +1,26 @@
+# Test that we can successfully migrate from an older db schema
+
+# Only run this if we have an older Nix available
+# XXX: This assumes that the `daemon` package is older than the `client` one
+if [[ -z "$NIX_DAEMON_PACKAGE" ]]; then
+ exit 0
+fi
+
+source common.sh
+
+# Fill the db using the older Nix
+PATH_WITH_NEW_NIX="$PATH"
+export PATH="$NIX_DAEMON_PACKAGE/bin:$PATH"
+clearStore
+nix-build simple.nix --no-out-link
+nix-store --generate-binary-cache-key cache1.example.org $TEST_ROOT/sk1 $TEST_ROOT/pk1
+dependenciesOutPath=$(nix-build dependencies.nix --no-out-link --secret-key-files "$TEST_ROOT/sk1")
+fixedOutPath=$(IMPURE_VAR1=foo IMPURE_VAR2=bar nix-build fixed.nix -A good.0 --no-out-link)
+
+# Migrate to the new schema and ensure that everything's there
+export PATH="$PATH_WITH_NEW_NIX"
+info=$(nix path-info --json $dependenciesOutPath)
+[[ $info =~ '"ultimate":true' ]]
+[[ $info =~ 'cache1.example.org' ]]
+nix verify -r "$fixedOutPath"
+nix verify -r "$dependenciesOutPath" --sigs-needed 1 --trusted-public-keys $(cat $TEST_ROOT/pk1)
diff --git a/tests/fetchGit.sh b/tests/fetchGit.sh
index cedd796f7..88744ee7f 100644
--- a/tests/fetchGit.sh
+++ b/tests/fetchGit.sh
@@ -41,6 +41,19 @@ export _NIX_FORCE_HTTP=1
path=$(nix eval --impure --raw --expr "(builtins.fetchGit file://$repo).outPath")
[[ $(cat $path/hello) = world ]]
+# Fetch a rev from another branch
+git -C $repo checkout -b devtest
+echo "different file" >> $TEST_ROOT/git/differentbranch
+git -C $repo add differentbranch
+git -C $repo commit -m 'Test2'
+git -C $repo checkout master
+devrev=$(git -C $repo rev-parse devtest)
+out=$(nix eval --impure --raw --expr "builtins.fetchGit { url = file://$repo; rev = \"$devrev\"; }" 2>&1) || status=$?
+[[ $status == 1 ]]
+[[ $out =~ 'Cannot find Git revision' ]]
+
+[[ $(nix eval --raw --expr "builtins.readFile (builtins.fetchGit { url = file://$repo; rev = \"$devrev\"; allRefs = true; } + \"/differentbranch\")") = 'different file' ]]
+
# In pure eval mode, fetchGit without a revision should fail.
[[ $(nix eval --impure --raw --expr "builtins.readFile (fetchGit file://$repo + \"/hello\")") = world ]]
(! nix eval --raw --expr "builtins.readFile (fetchGit file://$repo + \"/hello\")")
@@ -59,6 +72,7 @@ path2=$(nix eval --impure --raw --expr "(builtins.fetchGit file://$repo).outPath
[[ $(nix eval --impure --expr "(builtins.fetchGit file://$repo).revCount") = 2 ]]
[[ $(nix eval --impure --raw --expr "(builtins.fetchGit file://$repo).rev") = $rev2 ]]
+[[ $(nix eval --impure --raw --expr "(builtins.fetchGit file://$repo).shortRev") = ${rev2:0:7} ]]
# Fetching with a explicit hash should succeed.
path2=$(nix eval --refresh --raw --expr "(builtins.fetchGit { url = file://$repo; rev = \"$rev2\"; }).outPath")
@@ -132,6 +146,7 @@ path2=$(nix eval --impure --raw --expr "(builtins.fetchGit file://$repo).outPath
path3=$(nix eval --impure --raw --expr "(builtins.fetchGit $repo).outPath")
# (check dirty-tree handling was used)
[[ $(nix eval --impure --raw --expr "(builtins.fetchGit $repo).rev") = 0000000000000000000000000000000000000000 ]]
+[[ $(nix eval --impure --raw --expr "(builtins.fetchGit $repo).shortRev") = 0000000 ]]
# Committing shouldn't change store path, or switch to using 'master'
git -C $repo commit -m 'Bla5' -a
@@ -164,3 +179,13 @@ git clone --depth 1 file://$repo $TEST_ROOT/shallow
path6=$(nix eval --impure --raw --expr "(builtins.fetchTree { type = \"git\"; url = \"file://$TEST_ROOT/shallow\"; ref = \"dev\"; shallow = true; }).outPath")
[[ $path3 = $path6 ]]
[[ $(nix eval --impure --expr "(builtins.fetchTree { type = \"git\"; url = \"file://$TEST_ROOT/shallow\"; ref = \"dev\"; shallow = true; }).revCount or 123") == 123 ]]
+
+# Explicit ref = "HEAD" should work, and produce the same outPath as without ref
+path7=$(nix eval --impure --raw --expr "(builtins.fetchGit { url = \"file://$repo\"; ref = \"HEAD\"; }).outPath")
+path8=$(nix eval --impure --raw --expr "(builtins.fetchGit { url = \"file://$repo\"; }).outPath")
+[[ $path7 = $path8 ]]
+
+# ref = "HEAD" should fetch the HEAD revision
+rev4=$(git -C $repo rev-parse HEAD)
+rev4_nix=$(nix eval --impure --raw --expr "(builtins.fetchGit { url = \"file://$repo\"; ref = \"HEAD\"; }).rev")
+[[ $rev4 = $rev4_nix ]]
diff --git a/tests/fetchMercurial.sh b/tests/fetchMercurial.sh
index af8ef8d5b..d8a4e09d2 100644
--- a/tests/fetchMercurial.sh
+++ b/tests/fetchMercurial.sh
@@ -15,6 +15,9 @@ hg init $repo
echo '[ui]' >> $repo/.hg/hgrc
echo 'username = Foobar <foobar@example.org>' >> $repo/.hg/hgrc
+# Set ui.tweakdefaults to ensure HGPLAIN is being set.
+echo 'tweakdefaults = True' >> $repo/.hg/hgrc
+
echo utrecht > $repo/hello
touch $repo/.hgignore
hg add --cwd $repo hello .hgignore
diff --git a/tests/fetchurl.sh b/tests/fetchurl.sh
index 0f2044342..cd84e9a4c 100644
--- a/tests/fetchurl.sh
+++ b/tests/fetchurl.sh
@@ -5,27 +5,27 @@ clearStore
# Test fetching a flat file.
hash=$(nix-hash --flat --type sha256 ./fetchurl.sh)
-outPath=$(nix-build '<nix/fetchurl.nix>' --argstr url file://$(pwd)/fetchurl.sh --argstr sha256 $hash --no-out-link)
+outPath=$(nix-build --expr 'import <nix/fetchurl.nix>' --argstr url file://$(pwd)/fetchurl.sh --argstr sha256 $hash --no-out-link)
cmp $outPath fetchurl.sh
# Now using a base-64 hash.
clearStore
-hash=$(nix hash-file --type sha512 --base64 ./fetchurl.sh)
+hash=$(nix hash file --type sha512 --base64 ./fetchurl.sh)
-outPath=$(nix-build '<nix/fetchurl.nix>' --argstr url file://$(pwd)/fetchurl.sh --argstr sha512 $hash --no-out-link)
+outPath=$(nix-build --expr 'import <nix/fetchurl.nix>' --argstr url file://$(pwd)/fetchurl.sh --argstr sha512 $hash --no-out-link)
cmp $outPath fetchurl.sh
# Now using an SRI hash.
clearStore
-hash=$(nix hash-file ./fetchurl.sh)
+hash=$(nix hash file ./fetchurl.sh)
[[ $hash =~ ^sha256- ]]
-outPath=$(nix-build '<nix/fetchurl.nix>' --argstr url file://$(pwd)/fetchurl.sh --argstr hash $hash --no-out-link)
+outPath=$(nix-build --expr 'import <nix/fetchurl.nix>' --argstr url file://$(pwd)/fetchurl.sh --argstr hash $hash --no-out-link)
cmp $outPath fetchurl.sh
@@ -34,14 +34,14 @@ clearStore
other_store=file://$TEST_ROOT/other_store?store=/fnord/store
-hash=$(nix hash-file --type sha256 --base16 ./fetchurl.sh)
+hash=$(nix hash file --type sha256 --base16 ./fetchurl.sh)
-storePath=$(nix --store $other_store add-to-store --flat ./fetchurl.sh)
+storePath=$(nix --store $other_store store add-file ./fetchurl.sh)
-outPath=$(nix-build '<nix/fetchurl.nix>' --argstr url file:///no-such-dir/fetchurl.sh --argstr sha256 $hash --no-out-link --substituters $other_store)
+outPath=$(nix-build --expr 'import <nix/fetchurl.nix>' --argstr url file:///no-such-dir/fetchurl.sh --argstr sha256 $hash --no-out-link --substituters $other_store)
# Test hashed mirrors with an SRI hash.
-nix-build '<nix/fetchurl.nix>' --argstr url file:///no-such-dir/fetchurl.sh --argstr hash $(nix to-sri --type sha256 $hash) \
+nix-build --expr 'import <nix/fetchurl.nix>' --argstr url file:///no-such-dir/fetchurl.sh --argstr hash $(nix hash to-sri --type sha256 $hash) \
--no-out-link --substituters $other_store
# Test unpacking a NAR.
@@ -55,7 +55,7 @@ nix-store --dump $TEST_ROOT/archive > $nar
hash=$(nix-hash --flat --type sha256 $nar)
-outPath=$(nix-build '<nix/fetchurl.nix>' --argstr url file://$nar --argstr sha256 $hash \
+outPath=$(nix-build --expr 'import <nix/fetchurl.nix>' --argstr url file://$nar --argstr sha256 $hash \
--arg unpack true --argstr name xyzzy --no-out-link)
echo $outPath | grep -q 'xyzzy'
@@ -69,7 +69,7 @@ nix-store --delete $outPath
narxz=$TEST_ROOT/archive.nar.xz
rm -f $narxz
xz --keep $nar
-outPath=$(nix-build '<nix/fetchurl.nix>' --argstr url file://$narxz --argstr sha256 $hash \
+outPath=$(nix-build --expr 'import <nix/fetchurl.nix>' --argstr url file://$narxz --argstr sha256 $hash \
--arg unpack true --argstr name xyzzy --no-out-link)
test -x $outPath/fetchurl.sh
diff --git a/tests/flakes.sh b/tests/flakes.sh
index 5aec563ac..e78e4a39d 100644
--- a/tests/flakes.sh
+++ b/tests/flakes.sh
@@ -25,6 +25,7 @@ templatesDir=$TEST_ROOT/templates
nonFlakeDir=$TEST_ROOT/nonFlake
flakeA=$TEST_ROOT/flakeA
flakeB=$TEST_ROOT/flakeB
+flakeGitBare=$TEST_ROOT/flakeGitBare
for repo in $flake1Dir $flake2Dir $flake3Dir $flake7Dir $templatesDir $nonFlakeDir $flakeA $flakeB; do
rm -rf $repo $repo.tmp
@@ -163,16 +164,17 @@ EOF
# Test 'nix flake list'.
[[ $(nix registry list | wc -l) == 7 ]]
-# Test 'nix flake info'.
-nix flake info flake1 | grep -q 'URL: .*flake1.*'
+# Test 'nix flake metadata'.
+nix flake metadata flake1
+nix flake metadata flake1 | grep -q 'Locked URL:.*flake1.*'
-# Test 'nix flake info' on a local flake.
-(cd $flake1Dir && nix flake info) | grep -q 'URL: .*flake1.*'
-(cd $flake1Dir && nix flake info .) | grep -q 'URL: .*flake1.*'
-nix flake info $flake1Dir | grep -q 'URL: .*flake1.*'
+# Test 'nix flake metadata' on a local flake.
+(cd $flake1Dir && nix flake metadata) | grep -q 'URL:.*flake1.*'
+(cd $flake1Dir && nix flake metadata .) | grep -q 'URL:.*flake1.*'
+nix flake metadata $flake1Dir | grep -q 'URL:.*flake1.*'
-# Test 'nix flake info --json'.
-json=$(nix flake info flake1 --json | jq .)
+# Test 'nix flake metadata --json'.
+json=$(nix flake metadata flake1 --json | jq .)
[[ $(echo "$json" | jq -r .description) = 'Bla bla' ]]
[[ -d $(echo "$json" | jq -r .path) ]]
[[ $(echo "$json" | jq -r .lastModified) = $(git -C $flake1Dir log -n1 --format=%ct) ]]
@@ -180,7 +182,7 @@ hash1=$(echo "$json" | jq -r .revision)
echo -n '# foo' >> $flake1Dir/flake.nix
git -C $flake1Dir commit -a -m 'Foo'
-hash2=$(nix flake info flake1 --json --refresh | jq -r .revision)
+hash2=$(nix flake metadata flake1 --json --refresh | jq -r .revision)
[[ $hash1 != $hash2 ]]
# Test 'nix build' on a flake.
@@ -232,7 +234,7 @@ nix build -o $TEST_ROOT/result --flake-registry file:///no-registry.json $flake2
nix build -o $TEST_ROOT/result --no-registries $flake2Dir#bar --refresh
# Updating the flake should not change the lockfile.
-nix flake update $flake2Dir
+nix flake lock $flake2Dir
[[ -z $(git -C $flake2Dir diff master) ]]
# Now we should be able to build the flake in pure mode.
@@ -276,18 +278,18 @@ git -C $flake3Dir commit -m 'Add lockfile'
# Test whether registry caching works.
nix registry list --flake-registry file://$registry | grep -q flake3
mv $registry $registry.tmp
-nix-store --gc
+nix store gc
nix registry list --flake-registry file://$registry --refresh | grep -q flake3
mv $registry.tmp $registry
# Test whether flakes are registered as GC roots for offline use.
# FIXME: use tarballs rather than git.
rm -rf $TEST_HOME/.cache
-nix-store --gc # get rid of copies in the store to ensure they get fetched to our git cache
+nix store gc # get rid of copies in the store to ensure they get fetched to our git cache
_NIX_FORCE_HTTP=1 nix build -o $TEST_ROOT/result git+file://$flake2Dir#bar
mv $flake1Dir $flake1Dir.tmp
mv $flake2Dir $flake2Dir.tmp
-nix-store --gc
+nix store gc
_NIX_FORCE_HTTP=1 nix build -o $TEST_ROOT/result git+file://$flake2Dir#bar
_NIX_FORCE_HTTP=1 nix build -o $TEST_ROOT/result git+file://$flake2Dir#bar --refresh
mv $flake1Dir.tmp $flake1Dir
@@ -354,10 +356,10 @@ nix build -o $TEST_ROOT/result flake3#xyzzy flake3#fnord
nix build -o $TEST_ROOT/result flake4#xyzzy
# Test 'nix flake update' and --override-flake.
-nix flake update $flake3Dir
+nix flake lock $flake3Dir
[[ -z $(git -C $flake3Dir diff master) ]]
-nix flake update $flake3Dir --recreate-lock-file --override-flake flake2 nixpkgs
+nix flake update $flake3Dir --override-flake flake2 nixpkgs
[[ ! -z $(git -C $flake3Dir diff master) ]]
# Make branch "removeXyzzy" where flake3 doesn't have xyzzy anymore
@@ -389,7 +391,7 @@ cat > $flake3Dir/flake.nix <<EOF
};
}
EOF
-nix flake update $flake3Dir
+nix flake lock $flake3Dir
git -C $flake3Dir add flake.nix flake.lock
git -C $flake3Dir commit -m 'Remove packages.xyzzy'
git -C $flake3Dir checkout master
@@ -547,7 +549,7 @@ cat > $flake3Dir/flake.nix <<EOF
}
EOF
-nix flake update $flake3Dir
+nix flake lock $flake3Dir
[[ $(jq -c .nodes.root.inputs.bar $flake3Dir/flake.lock) = '["foo"]' ]]
cat > $flake3Dir/flake.nix <<EOF
@@ -559,7 +561,7 @@ cat > $flake3Dir/flake.nix <<EOF
}
EOF
-nix flake update $flake3Dir
+nix flake lock $flake3Dir
[[ $(jq -c .nodes.root.inputs.bar $flake3Dir/flake.lock) = '["flake2","flake1"]' ]]
cat > $flake3Dir/flake.nix <<EOF
@@ -571,7 +573,7 @@ cat > $flake3Dir/flake.nix <<EOF
}
EOF
-nix flake update $flake3Dir
+nix flake lock $flake3Dir
[[ $(jq -c .nodes.root.inputs.bar $flake3Dir/flake.lock) = '["flake2"]' ]]
# Test overriding inputs of inputs.
@@ -587,7 +589,7 @@ cat > $flake3Dir/flake.nix <<EOF
}
EOF
-nix flake update $flake3Dir
+nix flake lock $flake3Dir
[[ $(jq .nodes.flake1.locked.url $flake3Dir/flake.lock) =~ flake7 ]]
cat > $flake3Dir/flake.nix <<EOF
@@ -600,10 +602,15 @@ cat > $flake3Dir/flake.nix <<EOF
}
EOF
-nix flake update $flake3Dir --recreate-lock-file
+nix flake update $flake3Dir
[[ $(jq -c .nodes.flake2.inputs.flake1 $flake3Dir/flake.lock) =~ '["foo"]' ]]
[[ $(jq .nodes.foo.locked.url $flake3Dir/flake.lock) =~ flake7 ]]
+# Test git+file with bare repo.
+rm -rf $flakeGitBare
+git clone --bare $flake1Dir $flakeGitBare
+nix build -o $TEST_ROOT/result git+file://$flakeGitBare
+
# Test Mercurial flakes.
rm -rf $flake5Dir
hg init $flake5Dir
@@ -624,7 +631,7 @@ hg commit --config ui.username=foobar@example.org $flake5Dir -m 'Initial commit'
nix build -o $TEST_ROOT/result hg+file://$flake5Dir
[[ -e $TEST_ROOT/result/hello ]]
-(! nix flake info --json hg+file://$flake5Dir | jq -e -r .revision)
+(! nix flake metadata --json hg+file://$flake5Dir | jq -e -r .revision)
nix eval hg+file://$flake5Dir#expr
@@ -632,13 +639,13 @@ nix eval hg+file://$flake5Dir#expr
(! nix eval hg+file://$flake5Dir#expr --no-allow-dirty)
-(! nix flake info --json hg+file://$flake5Dir | jq -e -r .revision)
+(! nix flake metadata --json hg+file://$flake5Dir | jq -e -r .revision)
hg commit --config ui.username=foobar@example.org $flake5Dir -m 'Add lock file'
-nix flake info --json hg+file://$flake5Dir --refresh | jq -e -r .revision
-nix flake info --json hg+file://$flake5Dir
-[[ $(nix flake info --json hg+file://$flake5Dir | jq -e -r .revCount) = 1 ]]
+nix flake metadata --json hg+file://$flake5Dir --refresh | jq -e -r .revision
+nix flake metadata --json hg+file://$flake5Dir
+[[ $(nix flake metadata --json hg+file://$flake5Dir | jq -e -r .revCount) = 1 ]]
nix build -o $TEST_ROOT/result hg+file://$flake5Dir --no-registries --no-allow-dirty
@@ -648,7 +655,7 @@ tar cfz $TEST_ROOT/flake.tar.gz -C $TEST_ROOT --exclude .hg flake5
nix build -o $TEST_ROOT/result file://$TEST_ROOT/flake.tar.gz
# Building with a tarball URL containing a SRI hash should also work.
-url=$(nix flake info --json file://$TEST_ROOT/flake.tar.gz | jq -r .url)
+url=$(nix flake metadata --json file://$TEST_ROOT/flake.tar.gz | jq -r .url)
[[ $url =~ sha256- ]]
nix build -o $TEST_ROOT/result $url
@@ -658,25 +665,24 @@ nix build -o $TEST_ROOT/result "file://$TEST_ROOT/flake.tar.gz?narHash=sha256-qQ
# Test --override-input.
git -C $flake3Dir reset --hard
-nix flake update $flake3Dir --override-input flake2/flake1 flake5 -vvvvv
+nix flake lock $flake3Dir --override-input flake2/flake1 flake5 -vvvvv
[[ $(jq .nodes.flake1_2.locked.url $flake3Dir/flake.lock) =~ flake5 ]]
-nix flake update $flake3Dir --override-input flake2/flake1 flake1
+nix flake lock $flake3Dir --override-input flake2/flake1 flake1
[[ $(jq -r .nodes.flake1_2.locked.rev $flake3Dir/flake.lock) =~ $hash2 ]]
-nix flake update $flake3Dir --override-input flake2/flake1 flake1/master/$hash1
+nix flake lock $flake3Dir --override-input flake2/flake1 flake1/master/$hash1
[[ $(jq -r .nodes.flake1_2.locked.rev $flake3Dir/flake.lock) =~ $hash1 ]]
# Test --update-input.
-nix flake update $flake3Dir
+nix flake lock $flake3Dir
[[ $(jq -r .nodes.flake1_2.locked.rev $flake3Dir/flake.lock) = $hash1 ]]
-nix flake update $flake3Dir --update-input flake2/flake1
+nix flake lock $flake3Dir --update-input flake2/flake1
[[ $(jq -r .nodes.flake1_2.locked.rev $flake3Dir/flake.lock) =~ $hash2 ]]
-# Test 'nix flake list-inputs'.
-[[ $(nix flake list-inputs $flake3Dir | wc -l) == 5 ]]
-nix flake list-inputs $flake3Dir --json | jq .
+# Test 'nix flake metadata --json'.
+nix flake metadata $flake3Dir --json | jq .
# Test circular flake dependencies.
cat > $flakeA/flake.nix <<EOF
@@ -715,4 +721,4 @@ git -C $flakeB commit -a -m 'Foo'
[[ $(nix eval --update-input b $flakeA#foo) = 1912 ]]
# Test list-inputs with circular dependencies
-nix flake list-inputs $flakeA
+nix flake metadata $flakeA
diff --git a/tests/gc-auto.sh b/tests/gc-auto.sh
index 3add896c6..6867f2eb4 100644
--- a/tests/gc-auto.sh
+++ b/tests/gc-auto.sh
@@ -2,9 +2,9 @@ source common.sh
clearStore
-garbage1=$(nix add-to-store --name garbage1 ./nar-access.sh)
-garbage2=$(nix add-to-store --name garbage2 ./nar-access.sh)
-garbage3=$(nix add-to-store --name garbage3 ./nar-access.sh)
+garbage1=$(nix store add-path --name garbage1 ./nar-access.sh)
+garbage2=$(nix store add-path --name garbage2 ./nar-access.sh)
+garbage3=$(nix store add-path --name garbage3 ./nar-access.sh)
ls -l $garbage3
POSIXLY_CORRECT=1 du $garbage3
diff --git a/tests/github-flakes.nix b/tests/github-flakes.nix
index a47610d9a..7ac397d81 100644
--- a/tests/github-flakes.nix
+++ b/tests/github-flakes.nix
@@ -1,6 +1,6 @@
{ nixpkgs, system, overlay }:
-with import (nixpkgs + "/nixos/lib/testing.nix") {
+with import (nixpkgs + "/nixos/lib/testing-python.nix") {
inherit system;
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
};
@@ -64,6 +64,7 @@ in
makeTest (
{
+ name = "github-flakes";
nodes =
{ # Impersonate github.com and api.github.com.
@@ -113,36 +114,37 @@ makeTest (
};
};
- testScript = { nodes }:
- ''
- use POSIX qw(strftime);
-
- startAll;
+ testScript = { nodes }: ''
+ # fmt: off
+ import json
+ import time
- $github->waitForUnit("httpd.service");
+ start_all()
- $client->succeed("curl -v https://github.com/ >&2");
+ github.wait_for_unit("httpd.service")
- $client->succeed("nix registry list | grep nixpkgs");
+ client.succeed("curl -v https://github.com/ >&2")
+ client.succeed("nix registry list | grep nixpkgs")
- $client->succeed("nix flake info nixpkgs --json | jq -r .revision") eq "${nixpkgs.rev}\n"
- or die "revision mismatch";
+ rev = client.succeed("nix flake info nixpkgs --json | jq -r .revision")
+ assert rev.strip() == "${nixpkgs.rev}", "revision mismatch"
- $client->succeed("nix registry pin nixpkgs");
+ client.succeed("nix registry pin nixpkgs")
- $client->succeed("nix flake info nixpkgs --tarball-ttl 0 >&2");
+ client.succeed("nix flake info nixpkgs --tarball-ttl 0 >&2")
- # Shut down the web server. The flake should be cached on the client.
- $github->succeed("systemctl stop httpd.service");
+ # Shut down the web server. The flake should be cached on the client.
+ github.succeed("systemctl stop httpd.service")
- my $date = $client->succeed("nix flake info nixpkgs --json | jq -M .lastModified");
- strftime("%Y%m%d%H%M%S", gmtime($date)) eq "${nixpkgs.lastModifiedDate}" or die "time mismatch";
+ info = json.loads(client.succeed("nix flake info nixpkgs --json"))
+ date = time.strftime("%Y%m%d%H%M%S", time.gmtime(info['lastModified']))
+ assert date == "${nixpkgs.lastModifiedDate}", "time mismatch"
- $client->succeed("nix build nixpkgs#hello");
+ client.succeed("nix build nixpkgs#hello")
- # The build shouldn't fail even with --tarball-ttl 0 (the server
- # being down should not be a fatal error).
- $client->succeed("nix build nixpkgs#fuse --tarball-ttl 0");
- '';
+ # The build shouldn't fail even with --tarball-ttl 0 (the server
+ # being down should not be a fatal error).
+ client.succeed("nix build nixpkgs#fuse --tarball-ttl 0")
+ '';
})
diff --git a/tests/hash.sh b/tests/hash.sh
index 4cfc97901..e5f75e2cf 100644
--- a/tests/hash.sh
+++ b/tests/hash.sh
@@ -2,7 +2,7 @@ source common.sh
try () {
printf "%s" "$2" > $TEST_ROOT/vector
- hash=$(nix hash-file --base16 $EXTRA --type "$1" $TEST_ROOT/vector)
+ hash=$(nix hash file --base16 $EXTRA --type "$1" $TEST_ROOT/vector)
if test "$hash" != "$3"; then
echo "hash $1, expected $3, got $hash"
exit 1
@@ -69,17 +69,17 @@ try2 md5 "f78b733a68f5edbdf9413899339eaa4a"
# Conversion.
try3() {
- h64=$(nix to-base64 --type "$1" "$2")
+ h64=$(nix hash to-base64 --type "$1" "$2")
[ "$h64" = "$4" ]
- sri=$(nix to-sri --type "$1" "$2")
+ sri=$(nix hash to-sri --type "$1" "$2")
[ "$sri" = "$1-$4" ]
h32=$(nix-hash --type "$1" --to-base32 "$2")
[ "$h32" = "$3" ]
h16=$(nix-hash --type "$1" --to-base16 "$h32")
[ "$h16" = "$2" ]
- h16=$(nix to-base16 --type "$1" "$h64")
+ h16=$(nix hash to-base16 --type "$1" "$h64")
[ "$h16" = "$2" ]
- h16=$(nix to-base16 "$sri")
+ h16=$(nix hash to-base16 "$sri")
[ "$h16" = "$2" ]
}
try3 sha1 "800d59cfcd3c05e900cb4e214be48f6b886a08df" "vw46m23bizj4n8afrc0fj19wrp7mj3c0" "gA1Zz808BekAy04hS+SPa4hqCN8="
diff --git a/tests/init.sh b/tests/init.sh
index f9ced6b0d..1a6ccb6fe 100644
--- a/tests/init.sh
+++ b/tests/init.sh
@@ -19,7 +19,9 @@ keep-derivations = false
sandbox = false
experimental-features = nix-command flakes
gc-reserved-space = 0
+substituters =
flake-registry = $TEST_ROOT/registry.json
+show-trace = true
include nix.conf.extra
EOF
diff --git a/tests/lang/eval-okay-search-path.nix b/tests/lang/eval-okay-search-path.nix
index c5a123d04..6fe33decc 100644
--- a/tests/lang/eval-okay-search-path.nix
+++ b/tests/lang/eval-okay-search-path.nix
@@ -1,10 +1,9 @@
with import ./lib.nix;
with builtins;
-assert pathExists <nix/fetchurl.nix>;
+assert isFunction (import <nix/fetchurl.nix>);
-assert length __nixPath == 6;
-assert length (filter (x: x.prefix == "nix") __nixPath) == 1;
+assert length __nixPath == 5;
assert length (filter (x: baseNameOf x.path == "dir4") __nixPath) == 1;
import <a.nix> + import <b.nix> + import <c.nix> + import <dir5/c.nix>
diff --git a/tests/linux-sandbox.sh b/tests/linux-sandbox.sh
index 16abd974c..70a90a907 100644
--- a/tests/linux-sandbox.sh
+++ b/tests/linux-sandbox.sh
@@ -22,9 +22,9 @@ outPath=$(nix-build dependencies.nix --no-out-link --sandbox-paths /nix/store)
nix path-info -r $outPath | grep input-2
-nix ls-store -R -l $outPath | grep foobar
+nix store ls -R -l $outPath | grep foobar
-nix cat-store $outPath/foobar | grep FOOBAR
+nix store cat $outPath/foobar | grep FOOBAR
# Test --check without hash rewriting.
nix-build dependencies.nix --no-out-link --check --sandbox-paths /nix/store
diff --git a/tests/local.mk b/tests/local.mk
index a1929f96d..e7e85f97e 100644
--- a/tests/local.mk
+++ b/tests/local.mk
@@ -7,14 +7,19 @@ nix_tests = \
referrers.sh user-envs.sh logging.sh nix-build.sh misc.sh fixed.sh \
gc-runtime.sh check-refs.sh filter-source.sh \
local-store.sh remote-store.sh export.sh export-graph.sh \
+ db-migration.sh \
timeout.sh secure-drv-outputs.sh nix-channel.sh \
multiple-outputs.sh import-derivation.sh fetchurl.sh optimise-store.sh \
- binary-cache.sh nix-profile.sh repair.sh dump-db.sh case-hack.sh \
+ binary-cache.sh \
+ binary-cache-build-remote.sh \
+ nix-profile.sh repair.sh dump-db.sh case-hack.sh \
check-reqs.sh pass-as-file.sh tarball.sh restricted.sh \
placeholders.sh nix-shell.sh \
linux-sandbox.sh \
build-dry.sh \
build-remote-input-addressed.sh \
+ build-remote-content-addressed-fixed.sh \
+ build-remote-content-addressed-floating.sh \
ssh-relay.sh \
nar-access.sh \
structured-attrs.sh \
@@ -35,9 +40,13 @@ nix_tests = \
recursive.sh \
describe-stores.sh \
flakes.sh \
- content-addressed.sh
+ build.sh \
+ compute-levels.sh \
+ ca/build.sh \
+ ca/substitute.sh \
+ ca/signatures.sh \
+ ca/nix-copy.sh
# parallel.sh
- # build-remote-content-addressed-fixed.sh \
install-tests += $(foreach x, $(nix_tests), tests/$(x))
diff --git a/tests/misc.sh b/tests/misc.sh
index a81c9dbb1..2830856ae 100644
--- a/tests/misc.sh
+++ b/tests/misc.sh
@@ -17,10 +17,10 @@ nix-env -q --foo 2>&1 | grep "unknown flag"
# Eval Errors.
eval_arg_res=$(nix-instantiate --eval -E 'let a = {} // a; in a.foo' 2>&1 || true)
-echo $eval_arg_res | grep "at: (1:15) from string"
+echo $eval_arg_res | grep "at «string»:1:15:"
echo $eval_arg_res | grep "infinite recursion encountered"
eval_stdin_res=$(echo 'let a = {} // a; in a.foo' | nix-instantiate --eval -E - 2>&1 || true)
-echo $eval_stdin_res | grep "at: (1:15) from stdin"
+echo $eval_stdin_res | grep "at «stdin»:1:15:"
echo $eval_stdin_res | grep "infinite recursion encountered"
diff --git a/tests/multiple-outputs.sh b/tests/multiple-outputs.sh
index 7a6ec181d..de573d4fa 100644
--- a/tests/multiple-outputs.sh
+++ b/tests/multiple-outputs.sh
@@ -58,7 +58,7 @@ outPath2=$(nix-build $(nix-instantiate multiple-outputs.nix -A a.second) --no-ou
# Delete one of the outputs and rebuild it. This will cause a hash
# rewrite.
-nix-store --delete $TEST_ROOT/result-second --ignore-liveness
+nix store delete $TEST_ROOT/result-second --ignore-liveness
nix-build multiple-outputs.nix -A a.all -o $TEST_ROOT/result
[ "$(cat $TEST_ROOT/result-second/file)" = "second" ]
[ "$(cat $TEST_ROOT/result-second/link/file)" = "first" ]
diff --git a/tests/nar-access.sh b/tests/nar-access.sh
index 88b997ca6..dcc2e8a36 100644
--- a/tests/nar-access.sh
+++ b/tests/nar-access.sh
@@ -9,45 +9,45 @@ cd "$TEST_ROOT"
narFile="$TEST_ROOT/path.nar"
nix-store --dump $storePath > $narFile
-# Check that find and ls-nar match.
+# Check that find and nar ls match.
( cd $storePath; find . | sort ) > files.find
-nix ls-nar -R -d $narFile "" | sort > files.ls-nar
+nix nar ls -R -d $narFile "" | sort > files.ls-nar
diff -u files.find files.ls-nar
# Check that file contents of data match.
-nix cat-nar $narFile /foo/data > data.cat-nar
+nix nar cat $narFile /foo/data > data.cat-nar
diff -u data.cat-nar $storePath/foo/data
# Check that file contents of baz match.
-nix cat-nar $narFile /foo/baz > baz.cat-nar
+nix nar cat $narFile /foo/baz > baz.cat-nar
diff -u baz.cat-nar $storePath/foo/baz
-nix cat-store $storePath/foo/baz > baz.cat-nar
+nix store cat $storePath/foo/baz > baz.cat-nar
diff -u baz.cat-nar $storePath/foo/baz
# Test --json.
diff -u \
- <(nix ls-nar --json $narFile / | jq -S) \
+ <(nix nar ls --json $narFile / | jq -S) \
<(echo '{"type":"directory","entries":{"foo":{},"foo-x":{},"qux":{},"zyx":{}}}' | jq -S)
diff -u \
- <(nix ls-nar --json -R $narFile /foo | jq -S) \
+ <(nix nar ls --json -R $narFile /foo | jq -S) \
<(echo '{"type":"directory","entries":{"bar":{"type":"regular","size":0,"narOffset":368},"baz":{"type":"regular","size":0,"narOffset":552},"data":{"type":"regular","size":58,"narOffset":736}}}' | jq -S)
diff -u \
- <(nix ls-nar --json -R $narFile /foo/bar | jq -S) \
+ <(nix nar ls --json -R $narFile /foo/bar | jq -S) \
<(echo '{"type":"regular","size":0,"narOffset":368}' | jq -S)
diff -u \
- <(nix ls-store --json $storePath | jq -S) \
+ <(nix store ls --json $storePath | jq -S) \
<(echo '{"type":"directory","entries":{"foo":{},"foo-x":{},"qux":{},"zyx":{}}}' | jq -S)
diff -u \
- <(nix ls-store --json -R $storePath/foo | jq -S) \
+ <(nix store ls --json -R $storePath/foo | jq -S) \
<(echo '{"type":"directory","entries":{"bar":{"type":"regular","size":0},"baz":{"type":"regular","size":0},"data":{"type":"regular","size":58}}}' | jq -S)
diff -u \
- <(nix ls-store --json -R $storePath/foo/bar| jq -S) \
+ <(nix store ls --json -R $storePath/foo/bar| jq -S) \
<(echo '{"type":"regular","size":0}' | jq -S)
# Test missing files.
-nix ls-store --json -R $storePath/xyzzy 2>&1 | grep 'does not exist in NAR'
-nix ls-store $storePath/xyzzy 2>&1 | grep 'does not exist'
+nix store ls --json -R $storePath/xyzzy 2>&1 | grep 'does not exist in NAR'
+nix store ls $storePath/xyzzy 2>&1 | grep 'does not exist'
# Test failure to dump.
if nix-store --dump $storePath >/dev/full ; then
diff --git a/tests/nix-build-examples.nix b/tests/nix-build-examples.nix
new file mode 100644
index 000000000..e54dbbf62
--- /dev/null
+++ b/tests/nix-build-examples.nix
@@ -0,0 +1,33 @@
+with import ./config.nix;
+
+rec {
+
+ input0 = mkDerivation {
+ name = "dependencies-input-0";
+ buildCommand = "mkdir $out; echo foo > $out/bar";
+ };
+
+ input1 = mkDerivation {
+ name = "dependencies-input-1";
+ buildCommand = "mkdir $out; echo FOO > $out/foo";
+ };
+
+ input2 = mkDerivation {
+ name = "dependencies-input-2";
+ buildCommand = ''
+ mkdir $out
+ echo BAR > $out/bar
+ echo ${input0} > $out/input0
+ '';
+ };
+
+ body = mkDerivation {
+ name = "dependencies-top";
+ builder = ./dependencies.builder0.sh + "/FOOBAR/../.";
+ input1 = input1 + "/.";
+ input2 = "${input2}/.";
+ input1_drv = input1;
+ meta.description = "Random test package";
+ };
+
+}
diff --git a/tests/nix-build.sh b/tests/nix-build.sh
index 3123c6da3..44a5a14cd 100644
--- a/tests/nix-build.sh
+++ b/tests/nix-build.sh
@@ -26,3 +26,18 @@ outPath2=$(nix-build $(nix-instantiate dependencies.nix)!out --no-out-link)
outPath2=$(nix-store -r $(nix-instantiate --add-root $TEST_ROOT/indirect dependencies.nix)!out)
[[ $outPath = $outPath2 ]]
+
+# The order of the paths on stdout must correspond to the -A options
+# https://github.com/NixOS/nix/issues/4197
+
+input0="$(nix-build nix-build-examples.nix -A input0 --no-out-link)"
+input1="$(nix-build nix-build-examples.nix -A input1 --no-out-link)"
+input2="$(nix-build nix-build-examples.nix -A input2 --no-out-link)"
+body="$(nix-build nix-build-examples.nix -A body --no-out-link)"
+
+outPathsA="$(echo $(nix-build nix-build-examples.nix -A input0 -A input1 -A input2 -A body --no-out-link))"
+[[ "$outPathsA" = "$input0 $input1 $input2 $body" ]]
+
+# test a different ordering to make sure it fails, not just in 23 out of 24 permutations
+outPathsB="$(echo $(nix-build nix-build-examples.nix -A body -A input1 -A input2 -A input0 --no-out-link))"
+[[ "$outPathsB" = "$body $input1 $input2 $input0" ]]
diff --git a/tests/nix-copy-closure.nix b/tests/nix-copy-closure.nix
index 9c9d119b7..1b63a3fca 100644
--- a/tests/nix-copy-closure.nix
+++ b/tests/nix-copy-closure.nix
@@ -2,18 +2,19 @@
{ nixpkgs, system, overlay }:
-with import (nixpkgs + "/nixos/lib/testing.nix") {
+with import (nixpkgs + "/nixos/lib/testing-python.nix") {
inherit system;
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
};
-makeTest (let pkgA = pkgs.cowsay; pkgB = pkgs.wget; pkgC = pkgs.hello; in {
+makeTest (let pkgA = pkgs.cowsay; pkgB = pkgs.wget; pkgC = pkgs.hello; pkgD = pkgs.tmux; in {
+ name = "nix-copy-closure";
nodes =
{ client =
{ config, lib, pkgs, ... }:
{ virtualisation.writableStore = true;
- virtualisation.pathsInNixDB = [ pkgA ];
+ virtualisation.pathsInNixDB = [ pkgA pkgD.drvPath ];
nix.binaryCaches = lib.mkForce [ ];
};
@@ -25,41 +26,52 @@ makeTest (let pkgA = pkgs.cowsay; pkgB = pkgs.wget; pkgC = pkgs.hello; in {
};
};
- testScript = { nodes }:
- ''
- startAll;
+ testScript = { nodes }: ''
+ # fmt: off
+ import subprocess
- # Create an SSH key on the client.
- my $key = `${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f key -N ""`;
- $client->succeed("mkdir -m 700 /root/.ssh");
- $client->copyFileFromHost("key", "/root/.ssh/id_ed25519");
- $client->succeed("chmod 600 /root/.ssh/id_ed25519");
+ start_all()
- # Install the SSH key on the server.
- $server->succeed("mkdir -m 700 /root/.ssh");
- $server->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys");
- $server->waitForUnit("sshd");
- $client->waitForUnit("network.target");
- $client->succeed("ssh -o StrictHostKeyChecking=no " . $server->name() . " 'echo hello world'");
+ # Create an SSH key on the client.
+ subprocess.run([
+ "${pkgs.openssh}/bin/ssh-keygen", "-t", "ed25519", "-f", "key", "-N", ""
+ ], capture_output=True, check=True)
- # Copy the closure of package A from the client to the server.
- $server->fail("nix-store --check-validity ${pkgA}");
- $client->succeed("nix-copy-closure --to server --gzip ${pkgA} >&2");
- $server->succeed("nix-store --check-validity ${pkgA}");
+ client.succeed("mkdir -m 700 /root/.ssh")
+ client.copy_from_host("key", "/root/.ssh/id_ed25519")
+ client.succeed("chmod 600 /root/.ssh/id_ed25519")
- # Copy the closure of package B from the server to the client.
- $client->fail("nix-store --check-validity ${pkgB}");
- $client->succeed("nix-copy-closure --from server --gzip ${pkgB} >&2");
- $client->succeed("nix-store --check-validity ${pkgB}");
+ # Install the SSH key on the server.
+ server.succeed("mkdir -m 700 /root/.ssh")
+ server.copy_from_host("key.pub", "/root/.ssh/authorized_keys")
+ server.wait_for_unit("sshd")
+ client.wait_for_unit("network.target")
+ client.succeed(f"ssh -o StrictHostKeyChecking=no {server.name} 'echo hello world'")
- # Copy the closure of package C via the SSH substituter.
- $client->fail("nix-store -r ${pkgC}");
- # FIXME
- #$client->succeed(
- # "nix-store --option use-ssh-substituter true"
- # . " --option ssh-substituter-hosts root\@server"
- # . " -r ${pkgC} >&2");
- #$client->succeed("nix-store --check-validity ${pkgC}");
- '';
+ # Copy the closure of package A from the client to the server.
+ server.fail("nix-store --check-validity ${pkgA}")
+ client.succeed("nix-copy-closure --to server --gzip ${pkgA} >&2")
+ server.succeed("nix-store --check-validity ${pkgA}")
+ # Copy the closure of package B from the server to the client.
+ client.fail("nix-store --check-validity ${pkgB}")
+ client.succeed("nix-copy-closure --from server --gzip ${pkgB} >&2")
+ client.succeed("nix-store --check-validity ${pkgB}")
+
+ # Copy the closure of package C via the SSH substituter.
+ client.fail("nix-store -r ${pkgC}")
+
+ # Copy the derivation of package D's derivation from the client to the server.
+ server.fail("nix-store --check-validity ${pkgD.drvPath}")
+ client.succeed("nix-copy-closure --to server --gzip ${pkgD.drvPath} >&2")
+ server.succeed("nix-store --check-validity ${pkgD.drvPath}")
+
+ # FIXME
+ # client.succeed(
+ # "nix-store --option use-ssh-substituter true"
+ # " --option ssh-substituter-hosts root\@server"
+ # " -r ${pkgC} >&2"
+ # )
+ # client.succeed("nix-store --check-validity ${pkgC}")
+ '';
})
diff --git a/tests/nix-shell.sh b/tests/nix-shell.sh
index 1228bb04f..4775bafb9 100644
--- a/tests/nix-shell.sh
+++ b/tests/nix-shell.sh
@@ -47,6 +47,14 @@ chmod a+rx $TEST_ROOT/shell.shebang.sh
output=$($TEST_ROOT/shell.shebang.sh abc def)
[ "$output" = "foo bar abc def" ]
+# Test nix-shell shebang mode again with metacharacters in the filename.
+# First word of filename is chosen to not match any file in the test root.
+sed -e "s|@ENV_PROG@|$(type -p env)|" shell.shebang.sh > $TEST_ROOT/spaced\ \\\'\"shell.shebang.sh
+chmod a+rx $TEST_ROOT/spaced\ \\\'\"shell.shebang.sh
+
+output=$($TEST_ROOT/spaced\ \\\'\"shell.shebang.sh abc def)
+[ "$output" = "foo bar abc def" ]
+
# Test nix-shell shebang mode for ruby
# This uses a fake interpreter that returns the arguments passed
# This, in turn, verifies the `rc` script is valid and the `load()` script (given using `-e`) is as expected.
@@ -54,11 +62,25 @@ sed -e "s|@SHELL_PROG@|$(type -p nix-shell)|" shell.shebang.rb > $TEST_ROOT/shel
chmod a+rx $TEST_ROOT/shell.shebang.rb
output=$($TEST_ROOT/shell.shebang.rb abc ruby)
-[ "$output" = '-e load("'"$TEST_ROOT"'/shell.shebang.rb") -- abc ruby' ]
+[ "$output" = '-e load(ARGV.shift) -- '"$TEST_ROOT"'/shell.shebang.rb abc ruby' ]
+
+# Test nix-shell shebang mode for ruby again with metacharacters in the filename.
+# Note: fake interpreter only space-separates args without adding escapes to its output.
+sed -e "s|@SHELL_PROG@|$(type -p nix-shell)|" shell.shebang.rb > $TEST_ROOT/spaced\ \\\'\"shell.shebang.rb
+chmod a+rx $TEST_ROOT/spaced\ \\\'\"shell.shebang.rb
+
+output=$($TEST_ROOT/spaced\ \\\'\"shell.shebang.rb abc ruby)
+[ "$output" = '-e load(ARGV.shift) -- '"$TEST_ROOT"'/spaced \'\''"shell.shebang.rb abc ruby' ]
# Test 'nix develop'.
nix develop -f shell.nix shellDrv -c bash -c '[[ -n $stdenv ]]'
+# Ensure `nix develop -c` preserves stdin
+echo foo | nix develop -f shell.nix shellDrv -c cat | grep -q foo
+
+# Ensure `nix develop -c` actually executes the command if stdout isn't a terminal
+nix develop -f shell.nix shellDrv -c echo foo |& grep -q foo
+
# Test 'nix print-dev-env'.
source <(nix print-dev-env -f shell.nix shellDrv)
[[ -n $stdenv ]]
diff --git a/tests/plugins.sh b/tests/plugins.sh
index 50bfaf7e9..e22bf4408 100644
--- a/tests/plugins.sh
+++ b/tests/plugins.sh
@@ -2,6 +2,6 @@ source common.sh
set -o pipefail
-res=$(nix eval --expr builtins.anotherNull --option setting-set true --option plugin-files $PWD/plugins/libplugintest*)
+res=$(nix --option setting-set true --option plugin-files $PWD/plugins/libplugintest* eval --expr builtins.anotherNull)
[ "$res"x = "nullx" ]
diff --git a/tests/pure-eval.sh b/tests/pure-eval.sh
index 43a765997..c994fbb98 100644
--- a/tests/pure-eval.sh
+++ b/tests/pure-eval.sh
@@ -15,4 +15,12 @@ nix eval --expr 'assert 1 + 2 == 3; true'
[[ $(nix eval --impure --expr "(import (builtins.fetchurl { url = file://$(pwd)/pure-eval.nix; })).x") == 123 ]]
(! nix eval --expr "(import (builtins.fetchurl { url = file://$(pwd)/pure-eval.nix; })).x")
-nix eval --expr "(import (builtins.fetchurl { url = file://$(pwd)/pure-eval.nix; sha256 = \"$(nix hash-file pure-eval.nix --type sha256)\"; })).x"
+nix eval --expr "(import (builtins.fetchurl { url = file://$(pwd)/pure-eval.nix; sha256 = \"$(nix hash file pure-eval.nix --type sha256)\"; })).x"
+
+rm -rf $TEST_ROOT/eval-out
+nix eval --store dummy:// --write-to $TEST_ROOT/eval-out --expr '{ x = "foo" + "bar"; y = { z = "bla"; }; }'
+[[ $(cat $TEST_ROOT/eval-out/x) = foobar ]]
+[[ $(cat $TEST_ROOT/eval-out/y/z) = bla ]]
+
+rm -rf $TEST_ROOT/eval-out
+(! nix eval --store dummy:// --write-to $TEST_ROOT/eval-out --expr '{ "." = "bla"; }')
diff --git a/tests/push-to-store.sh b/tests/push-to-store.sh
index 6aadb916b..25352c751 100755
--- a/tests/push-to-store.sh
+++ b/tests/push-to-store.sh
@@ -1,4 +1,6 @@
#!/bin/sh
-echo Pushing "$@" to "$REMOTE_STORE"
-printf "%s" "$OUT_PATHS" | xargs -d: nix copy --to "$REMOTE_STORE" --no-require-sigs
+set -x
+
+echo Pushing "$OUT_PATHS" to "$REMOTE_STORE"
+printf "%s" "$DRV_PATH" | xargs nix copy --to "$REMOTE_STORE" --no-require-sigs
diff --git a/tests/recursive.sh b/tests/recursive.sh
index 80a178cc7..b020ec710 100644
--- a/tests/recursive.sh
+++ b/tests/recursive.sh
@@ -7,7 +7,7 @@ clearStore
rm -f $TEST_ROOT/result
-export unreachable=$(nix add-to-store ./recursive.sh)
+export unreachable=$(nix store add-path ./recursive.sh)
NIX_BIN_DIR=$(dirname $(type -p nix)) nix --experimental-features 'nix-command recursive-nix' build -o $TEST_ROOT/result -L --impure --expr '
with import ./config.nix;
@@ -38,7 +38,7 @@ NIX_BIN_DIR=$(dirname $(type -p nix)) nix --experimental-features 'nix-command r
# Add something to the store.
echo foobar > foobar
- foobar=$(nix $opts add-to-store ./foobar)
+ foobar=$(nix $opts store add-path ./foobar)
nix $opts path-info $foobar
nix $opts build $foobar
diff --git a/tests/remote-builds.nix b/tests/remote-builds.nix
index 153956619..b9e7352c0 100644
--- a/tests/remote-builds.nix
+++ b/tests/remote-builds.nix
@@ -2,7 +2,7 @@
{ nixpkgs, system, overlay }:
-with import (nixpkgs + "/nixos/lib/testing.nix") {
+with import (nixpkgs + "/nixos/lib/testing-python.nix") {
inherit system;
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
};
@@ -36,6 +36,7 @@ let
in
{
+ name = "remote-builds";
nodes =
{ builder1 = builder;
@@ -66,44 +67,46 @@ in
};
};
- testScript = { nodes }:
- ''
- startAll;
-
- # Create an SSH key on the client.
- my $key = `${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f key -N ""`;
- $client->succeed("mkdir -p -m 700 /root/.ssh");
- $client->copyFileFromHost("key", "/root/.ssh/id_ed25519");
- $client->succeed("chmod 600 /root/.ssh/id_ed25519");
-
- # Install the SSH key on the builders.
- $client->waitForUnit("network.target");
- foreach my $builder ($builder1, $builder2) {
- $builder->succeed("mkdir -p -m 700 /root/.ssh");
- $builder->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys");
- $builder->waitForUnit("sshd");
- $client->succeed("ssh -o StrictHostKeyChecking=no " . $builder->name() . " 'echo hello world'");
- }
-
- # Perform a build and check that it was performed on the builder.
- my $out = $client->succeed(
- "nix-build ${expr nodes.client.config 1} 2> build-output",
- "grep -q Hello build-output"
- );
- $builder1->succeed("test -e $out");
-
- # And a parallel build.
- my ($out1, $out2) = split /\s/,
- $client->succeed('nix-store -r $(nix-instantiate ${expr nodes.client.config 2})\!out $(nix-instantiate ${expr nodes.client.config 3})\!out');
- $builder1->succeed("test -e $out1 -o -e $out2");
- $builder2->succeed("test -e $out1 -o -e $out2");
-
- # And a failing build.
- $client->fail("nix-build ${expr nodes.client.config 5}");
-
- # Test whether the build hook automatically skips unavailable builders.
- $builder1->block;
- $client->succeed("nix-build ${expr nodes.client.config 4}");
- '';
-
+ testScript = { nodes }: ''
+ # fmt: off
+ import subprocess
+
+ start_all()
+
+ # Create an SSH key on the client.
+ subprocess.run([
+ "${pkgs.openssh}/bin/ssh-keygen", "-t", "ed25519", "-f", "key", "-N", ""
+ ], capture_output=True, check=True)
+ client.succeed("mkdir -p -m 700 /root/.ssh")
+ client.copy_from_host("key", "/root/.ssh/id_ed25519")
+ client.succeed("chmod 600 /root/.ssh/id_ed25519")
+
+ # Install the SSH key on the builders.
+ client.wait_for_unit("network.target")
+ for builder in [builder1, builder2]:
+ builder.succeed("mkdir -p -m 700 /root/.ssh")
+ builder.copy_from_host("key.pub", "/root/.ssh/authorized_keys")
+ builder.wait_for_unit("sshd")
+ client.succeed(f"ssh -o StrictHostKeyChecking=no {builder.name} 'echo hello world'")
+
+ # Perform a build and check that it was performed on the builder.
+ out = client.succeed(
+ "nix-build ${expr nodes.client.config 1} 2> build-output",
+ "grep -q Hello build-output"
+ )
+ builder1.succeed(f"test -e {out}")
+
+ # And a parallel build.
+ paths = client.succeed(r'nix-store -r $(nix-instantiate ${expr nodes.client.config 2})\!out $(nix-instantiate ${expr nodes.client.config 3})\!out')
+ out1, out2 = paths.split()
+ builder1.succeed(f"test -e {out1} -o -e {out2}")
+ builder2.succeed(f"test -e {out1} -o -e {out2}")
+
+ # And a failing build.
+ client.fail("nix-build ${expr nodes.client.config 5}")
+
+ # Test whether the build hook automatically skips unavailable builders.
+ builder1.block()
+ client.succeed("nix-build ${expr nodes.client.config 4}")
+ '';
})
diff --git a/tests/remote-store.sh b/tests/remote-store.sh
index 3a61946f9..31210ab47 100644
--- a/tests/remote-store.sh
+++ b/tests/remote-store.sh
@@ -7,14 +7,28 @@ nix --store ssh-ng://localhost?remote-store=$TEST_ROOT/other-store doctor
startDaemon
+# Test import-from-derivation through the daemon.
+[[ $(nix eval --impure --raw --expr '
+ with import ./config.nix;
+ import (
+ mkDerivation {
+ name = "foo";
+ bla = import ./dependencies.nix;
+ buildCommand = "
+ echo \\\"hi\\\" > $out
+ ";
+ }
+ )
+') = hi ]]
+
storeCleared=1 NIX_REMOTE_=$NIX_REMOTE $SHELL ./user-envs.sh
+nix-store --gc --max-freed 1K
+
nix-store --dump-db > $TEST_ROOT/d1
NIX_REMOTE= nix-store --dump-db > $TEST_ROOT/d2
cmp $TEST_ROOT/d1 $TEST_ROOT/d2
-nix-store --gc --max-freed 1K
-
killDaemon
user=$(whoami)
diff --git a/tests/setuid.nix b/tests/setuid.nix
index 6f2f7d392..35eb304ed 100644
--- a/tests/setuid.nix
+++ b/tests/setuid.nix
@@ -2,12 +2,13 @@
{ nixpkgs, system, overlay }:
-with import (nixpkgs + "/nixos/lib/testing.nix") {
+with import (nixpkgs + "/nixos/lib/testing-python.nix") {
inherit system;
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
};
makeTest {
+ name = "setuid";
machine =
{ config, lib, pkgs, ... }:
@@ -17,94 +18,109 @@ makeTest {
virtualisation.pathsInNixDB = [ pkgs.stdenv pkgs.pkgsi686Linux.stdenv ];
};
- testScript = { nodes }:
- ''
- startAll;
-
- # Copying to /tmp should succeed.
- $machine->succeed('nix-build --no-sandbox -E \'(with import <nixpkgs> {}; runCommand "foo" {} "
- mkdir -p $out
- cp ${pkgs.coreutils}/bin/id /tmp/id
- ")\' ');
-
- $machine->succeed('[[ $(stat -c %a /tmp/id) = 555 ]]');
-
- $machine->succeed("rm /tmp/id");
-
- # Creating a setuid binary should fail.
- $machine->fail('nix-build --no-sandbox -E \'(with import <nixpkgs> {}; runCommand "foo" {} "
- mkdir -p $out
- cp ${pkgs.coreutils}/bin/id /tmp/id
- chmod 4755 /tmp/id
- ")\' ');
-
- $machine->succeed('[[ $(stat -c %a /tmp/id) = 555 ]]');
-
- $machine->succeed("rm /tmp/id");
-
- # Creating a setgid binary should fail.
- $machine->fail('nix-build --no-sandbox -E \'(with import <nixpkgs> {}; runCommand "foo" {} "
- mkdir -p $out
- cp ${pkgs.coreutils}/bin/id /tmp/id
- chmod 2755 /tmp/id
- ")\' ');
-
- $machine->succeed('[[ $(stat -c %a /tmp/id) = 555 ]]');
-
- $machine->succeed("rm /tmp/id");
-
- # The checks should also work on 32-bit binaries.
- $machine->fail('nix-build --no-sandbox -E \'(with import <nixpkgs> { system = "i686-linux"; }; runCommand "foo" {} "
- mkdir -p $out
- cp ${pkgs.coreutils}/bin/id /tmp/id
- chmod 2755 /tmp/id
- ")\' ');
-
- $machine->succeed('[[ $(stat -c %a /tmp/id) = 555 ]]');
-
- $machine->succeed("rm /tmp/id");
-
- # The tests above use fchmodat(). Test chmod() as well.
- $machine->succeed('nix-build --no-sandbox -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
- mkdir -p $out
- cp ${pkgs.coreutils}/bin/id /tmp/id
- perl -e \"chmod 0666, qw(/tmp/id) or die\"
- ")\' ');
-
- $machine->succeed('[[ $(stat -c %a /tmp/id) = 666 ]]');
-
- $machine->succeed("rm /tmp/id");
-
- $machine->fail('nix-build --no-sandbox -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
- mkdir -p $out
- cp ${pkgs.coreutils}/bin/id /tmp/id
- perl -e \"chmod 04755, qw(/tmp/id) or die\"
- ")\' ');
-
- $machine->succeed('[[ $(stat -c %a /tmp/id) = 555 ]]');
-
- $machine->succeed("rm /tmp/id");
-
- # And test fchmod().
- $machine->succeed('nix-build --no-sandbox -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
- mkdir -p $out
- cp ${pkgs.coreutils}/bin/id /tmp/id
- perl -e \"my \\\$x; open \\\$x, qw(/tmp/id); chmod 01750, \\\$x or die\"
- ")\' ');
-
- $machine->succeed('[[ $(stat -c %a /tmp/id) = 1750 ]]');
-
- $machine->succeed("rm /tmp/id");
-
- $machine->fail('nix-build --no-sandbox -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
- mkdir -p $out
- cp ${pkgs.coreutils}/bin/id /tmp/id
- perl -e \"my \\\$x; open \\\$x, qw(/tmp/id); chmod 04777, \\\$x or die\"
- ")\' ');
-
- $machine->succeed('[[ $(stat -c %a /tmp/id) = 555 ]]');
-
- $machine->succeed("rm /tmp/id");
- '';
-
+ testScript = { nodes }: ''
+ # fmt: off
+ start_all()
+
+ # Copying to /tmp should succeed.
+ machine.succeed(r"""
+ nix-build --no-sandbox -E '(with import <nixpkgs> {}; runCommand "foo" {} "
+ mkdir -p $out
+ cp ${pkgs.coreutils}/bin/id /tmp/id
+ ")'
+ """.strip())
+
+ machine.succeed('[[ $(stat -c %a /tmp/id) = 555 ]]')
+
+ machine.succeed("rm /tmp/id")
+
+ # Creating a setuid binary should fail.
+ machine.fail(r"""
+ nix-build --no-sandbox -E '(with import <nixpkgs> {}; runCommand "foo" {} "
+ mkdir -p $out
+ cp ${pkgs.coreutils}/bin/id /tmp/id
+ chmod 4755 /tmp/id
+ ")'
+ """.strip())
+
+ machine.succeed('[[ $(stat -c %a /tmp/id) = 555 ]]')
+
+ machine.succeed("rm /tmp/id")
+
+ # Creating a setgid binary should fail.
+ machine.fail(r"""
+ nix-build --no-sandbox -E '(with import <nixpkgs> {}; runCommand "foo" {} "
+ mkdir -p $out
+ cp ${pkgs.coreutils}/bin/id /tmp/id
+ chmod 2755 /tmp/id
+ ")'
+ """.strip())
+
+ machine.succeed('[[ $(stat -c %a /tmp/id) = 555 ]]')
+
+ machine.succeed("rm /tmp/id")
+
+ # The checks should also work on 32-bit binaries.
+ machine.fail(r"""
+ nix-build --no-sandbox -E '(with import <nixpkgs> { system = "i686-linux"; }; runCommand "foo" {} "
+ mkdir -p $out
+ cp ${pkgs.coreutils}/bin/id /tmp/id
+ chmod 2755 /tmp/id
+ ")'
+ """.strip())
+
+ machine.succeed('[[ $(stat -c %a /tmp/id) = 555 ]]')
+
+ machine.succeed("rm /tmp/id")
+
+ # The tests above use fchmodat(). Test chmod() as well.
+ machine.succeed(r"""
+ nix-build --no-sandbox -E '(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
+ mkdir -p $out
+ cp ${pkgs.coreutils}/bin/id /tmp/id
+ perl -e \"chmod 0666, qw(/tmp/id) or die\"
+ ")'
+ """.strip())
+
+ machine.succeed('[[ $(stat -c %a /tmp/id) = 666 ]]')
+
+ machine.succeed("rm /tmp/id")
+
+ machine.fail(r"""
+ nix-build --no-sandbox -E '(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
+ mkdir -p $out
+ cp ${pkgs.coreutils}/bin/id /tmp/id
+ perl -e \"chmod 04755, qw(/tmp/id) or die\"
+ ")'
+ """.strip())
+
+ machine.succeed('[[ $(stat -c %a /tmp/id) = 555 ]]')
+
+ machine.succeed("rm /tmp/id")
+
+ # And test fchmod().
+ machine.succeed(r"""
+ nix-build --no-sandbox -E '(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
+ mkdir -p $out
+ cp ${pkgs.coreutils}/bin/id /tmp/id
+ perl -e \"my \\\$x; open \\\$x, qw(/tmp/id); chmod 01750, \\\$x or die\"
+ ")'
+ """.strip())
+
+ machine.succeed('[[ $(stat -c %a /tmp/id) = 1750 ]]')
+
+ machine.succeed("rm /tmp/id")
+
+ machine.fail(r"""
+ nix-build --no-sandbox -E '(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
+ mkdir -p $out
+ cp ${pkgs.coreutils}/bin/id /tmp/id
+ perl -e \"my \\\$x; open \\\$x, qw(/tmp/id); chmod 04777, \\\$x or die\"
+ ")'
+ """.strip())
+
+ machine.succeed('[[ $(stat -c %a /tmp/id) = 555 ]]')
+
+ machine.succeed("rm /tmp/id")
+ '';
}
diff --git a/tests/shell.nix b/tests/shell.nix
index 6ce59b416..24ebcc04c 100644
--- a/tests/shell.nix
+++ b/tests/shell.nix
@@ -50,7 +50,7 @@ let pkgs = rec {
# ruby "interpreter" that outputs "$@"
ruby = runCommand "ruby" {} ''
mkdir -p $out/bin
- echo 'printf -- "$*"' > $out/bin/ruby
+ echo 'printf %s "$*"' > $out/bin/ruby
chmod a+rx $out/bin/ruby
'';
diff --git a/tests/signing.sh b/tests/signing.sh
index 9e29e3fbf..6aafbeb91 100644
--- a/tests/signing.sh
+++ b/tests/signing.sh
@@ -17,40 +17,40 @@ info=$(nix path-info --json $outPath)
[[ $info =~ 'cache1.example.org' ]]
[[ $info =~ 'cache2.example.org' ]]
-# Test "nix verify".
-nix verify -r $outPath
+# Test "nix store verify".
+nix store verify -r $outPath
-expect 2 nix verify -r $outPath --sigs-needed 1
+expect 2 nix store verify -r $outPath --sigs-needed 1
-nix verify -r $outPath --sigs-needed 1 --trusted-public-keys $pk1
+nix store verify -r $outPath --sigs-needed 1 --trusted-public-keys $pk1
-expect 2 nix verify -r $outPath --sigs-needed 2 --trusted-public-keys $pk1
+expect 2 nix store verify -r $outPath --sigs-needed 2 --trusted-public-keys $pk1
-nix verify -r $outPath --sigs-needed 2 --trusted-public-keys "$pk1 $pk2"
+nix store verify -r $outPath --sigs-needed 2 --trusted-public-keys "$pk1 $pk2"
-nix verify --all --sigs-needed 2 --trusted-public-keys "$pk1 $pk2"
+nix store verify --all --sigs-needed 2 --trusted-public-keys "$pk1 $pk2"
# Build something unsigned.
outPath2=$(nix-build simple.nix --no-out-link)
-nix verify -r $outPath
+nix store verify -r $outPath
# Verify that the path did not get signed but does have the ultimate bit.
info=$(nix path-info --json $outPath2)
[[ $info =~ '"ultimate":true' ]]
(! [[ $info =~ 'signatures' ]])
-# Test "nix verify".
-nix verify -r $outPath2
+# Test "nix store verify".
+nix store verify -r $outPath2
-expect 2 nix verify -r $outPath2 --sigs-needed 1
+expect 2 nix store verify -r $outPath2 --sigs-needed 1
-expect 2 nix verify -r $outPath2 --sigs-needed 1 --trusted-public-keys $pk1
+expect 2 nix store verify -r $outPath2 --sigs-needed 1 --trusted-public-keys $pk1
-# Test "nix sign-paths".
-nix sign-paths --key-file $TEST_ROOT/sk1 $outPath2
+# Test "nix store sign".
+nix store sign --key-file $TEST_ROOT/sk1 $outPath2
-nix verify -r $outPath2 --sigs-needed 1 --trusted-public-keys $pk1
+nix store verify -r $outPath2 --sigs-needed 1 --trusted-public-keys $pk1
# Build something content-addressed.
outPathCA=$(IMPURE_VAR1=foo IMPURE_VAR2=bar nix-build ./fixed.nix -A good.0 --no-out-link)
@@ -59,12 +59,12 @@ outPathCA=$(IMPURE_VAR1=foo IMPURE_VAR2=bar nix-build ./fixed.nix -A good.0 --no
# Content-addressed paths don't need signatures, so they verify
# regardless of --sigs-needed.
-nix verify $outPathCA
-nix verify $outPathCA --sigs-needed 1000
+nix store verify $outPathCA
+nix store verify $outPathCA --sigs-needed 1000
# Check that signing a content-addressed path doesn't overflow validSigs
-nix sign-paths --key-file $TEST_ROOT/sk1 $outPathCA
-nix verify -r $outPathCA --sigs-needed 1000 --trusted-public-keys $pk1
+nix store sign --key-file $TEST_ROOT/sk1 $outPathCA
+nix store verify -r $outPathCA --sigs-needed 1000 --trusted-public-keys $pk1
# Copy to a binary cache.
nix copy --to file://$cacheDir $outPath2
@@ -76,7 +76,7 @@ info=$(nix path-info --store file://$cacheDir --json $outPath2)
(! [[ $info =~ 'cache2.example.org' ]])
# Verify that adding a signature to a path in a binary cache works.
-nix sign-paths --store file://$cacheDir --key-file $TEST_ROOT/sk2 $outPath2
+nix store sign --store file://$cacheDir --key-file $TEST_ROOT/sk2 $outPath2
info=$(nix path-info --store file://$cacheDir --json $outPath2)
[[ $info =~ 'cache1.example.org' ]]
[[ $info =~ 'cache2.example.org' ]]
@@ -89,17 +89,17 @@ rm -rf $TEST_ROOT/store0
# But succeed if we supply the public keys.
nix copy --to $TEST_ROOT/store0 $outPath --trusted-public-keys $pk1
-expect 2 nix verify --store $TEST_ROOT/store0 -r $outPath
+expect 2 nix store verify --store $TEST_ROOT/store0 -r $outPath
-nix verify --store $TEST_ROOT/store0 -r $outPath --trusted-public-keys $pk1
-nix verify --store $TEST_ROOT/store0 -r $outPath --sigs-needed 2 --trusted-public-keys "$pk1 $pk2"
+nix store verify --store $TEST_ROOT/store0 -r $outPath --trusted-public-keys $pk1
+nix store verify --store $TEST_ROOT/store0 -r $outPath --sigs-needed 2 --trusted-public-keys "$pk1 $pk2"
# It should also succeed if we disable signature checking.
(! nix copy --to $TEST_ROOT/store0 $outPath2)
nix copy --to $TEST_ROOT/store0?require-sigs=false $outPath2
# But signatures should still get copied.
-nix verify --store $TEST_ROOT/store0 -r $outPath2 --trusted-public-keys $pk1
+nix store verify --store $TEST_ROOT/store0 -r $outPath2 --trusted-public-keys $pk1
# Content-addressed stuff can be copied without signatures.
nix copy --to $TEST_ROOT/store0 $outPathCA
diff --git a/tests/ssh-relay.sh b/tests/ssh-relay.sh
index dce50974b..053b2f00d 100644
--- a/tests/ssh-relay.sh
+++ b/tests/ssh-relay.sh
@@ -11,6 +11,6 @@ store+=$remote_store
store+=$remote_store
store+=$remote_store
-out=$(nix add-to-store --store "$store" $TEST_ROOT/hello.sh)
+out=$(nix store add-path --store "$store" $TEST_ROOT/hello.sh)
[ foo = $(< $out) ]
diff --git a/tests/tarball.sh b/tests/tarball.sh
index fe65a22e4..d53ec8cd9 100644
--- a/tests/tarball.sh
+++ b/tests/tarball.sh
@@ -10,7 +10,7 @@ mkdir -p $tarroot
cp dependencies.nix $tarroot/default.nix
cp config.nix dependencies.builder*.sh $tarroot/
-hash=$(nix hash-path $tarroot)
+hash=$(nix hash path $tarroot)
test_tarball() {
local ext="$1"