diff options
-rw-r--r-- | .github/dependabot.yml | 6 | ||||
-rw-r--r-- | .github/workflows/test.yml | 2 | ||||
-rw-r--r-- | doc/manual/installation/installing-binary.xml | 6 | ||||
-rw-r--r-- | scripts/install-multi-user.sh | 4 | ||||
-rw-r--r-- | scripts/install-nix-from-closure.sh | 2 | ||||
-rw-r--r-- | src/libstore/build.cc | 7 | ||||
-rw-r--r-- | src/libstore/builtins/fetchurl.cc | 9 | ||||
-rw-r--r-- | src/libstore/derivations.cc | 17 | ||||
-rw-r--r-- | src/libutil/archive.cc | 2 | ||||
-rw-r--r-- | src/libutil/error.hh | 6 | ||||
-rw-r--r-- | src/libutil/hash.cc | 27 | ||||
-rw-r--r-- | src/libutil/hash.hh | 2 | ||||
-rw-r--r-- | src/libutil/tests/logging.cc | 18 | ||||
-rw-r--r-- | tests/build-hook.nix | 32 | ||||
-rw-r--r-- | tests/build-remote.sh | 33 | ||||
-rw-r--r-- | tests/common.sh.in | 1 | ||||
-rw-r--r-- | tests/post-hook.sh | 2 | ||||
-rw-r--r-- | tests/recursive.sh | 2 | ||||
-rw-r--r-- | tests/structured-attrs.sh | 2 |
19 files changed, 125 insertions, 55 deletions
diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..5ace4600a --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7feefc855..7755466a0 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,5 +10,5 @@ jobs: runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v2 - - uses: cachix/install-nix-action@v8 + - uses: cachix/install-nix-action@v10 - run: nix-build release.nix --arg nix '{ outPath = ./.; revCount = 123; shortRev = "abcdefgh"; }' --arg systems '[ builtins.currentSystem ]' -A installerScript -A perlBindings diff --git a/doc/manual/installation/installing-binary.xml b/doc/manual/installation/installing-binary.xml index d25c46b85..64c7a37fb 100644 --- a/doc/manual/installation/installing-binary.xml +++ b/doc/manual/installation/installing-binary.xml @@ -97,7 +97,7 @@ $ rm -rf /nix installation on your system: </para> - <screen>sh <(curl https://nixos.org/nix/install) --daemon</screen> + <screen>sh <(curl -L https://nixos.org/nix/install) --daemon</screen> <para> The multi-user installation of Nix will create build users between @@ -178,7 +178,7 @@ sudo rm /Library/LaunchDaemons/org.nixos.nix-daemon.plist is a bit of a misnomer). To use this approach, just install Nix with: </para> - <screen>$ sh <(curl https://nixos.org/nix/install) --darwin-use-unencrypted-nix-store-volume</screen> + <screen>$ sh <(curl -L https://nixos.org/nix/install) --darwin-use-unencrypted-nix-store-volume</screen> <para> If you don't like the sound of this, you'll want to weigh the @@ -429,7 +429,7 @@ LABEL=Nix\040Store /nix apfs rw,nobrowse NixOS.org installation script: <screen> - sh <(curl https://nixos.org/nix/install) + sh <(curl -L https://nixos.org/nix/install) </screen> </para> diff --git a/scripts/install-multi-user.sh b/scripts/install-multi-user.sh index 157e8ddb4..00c9d540b 100644 --- a/scripts/install-multi-user.sh +++ b/scripts/install-multi-user.sh @@ -526,7 +526,7 @@ This script is going to call sudo a lot. Normally, it would show you exactly what commands it is running and why. However, the script is run in a headless fashion, like this: - $ curl https://nixos.org/nix/install | sh + $ curl -L https://nixos.org/nix/install | sh or maybe in a CI pipeline. Because of that, we're going to skip the verbose output in the interest of brevity. @@ -534,7 +534,7 @@ verbose output in the interest of brevity. If you would like to see the output, try like this: - $ curl -o install-nix https://nixos.org/nix/install + $ curl -L -o install-nix https://nixos.org/nix/install $ sh ./install-nix EOF diff --git a/scripts/install-nix-from-closure.sh b/scripts/install-nix-from-closure.sh index 826ca8b8c..5824c2217 100644 --- a/scripts/install-nix-from-closure.sh +++ b/scripts/install-nix-from-closure.sh @@ -113,7 +113,7 @@ if [ "$(uname -s)" = "Darwin" ]; then ( echo "" echo "Installing on macOS >=10.15 requires relocating the store to an apfs volume." - echo "Use sh <(curl https://nixos.org/nix/install) --darwin-use-unencrypted-nix-store-volume or run the preparation steps manually." + echo "Use sh <(curl -L https://nixos.org/nix/install) --darwin-use-unencrypted-nix-store-volume or run the preparation steps manually." echo "See https://nixos.org/nix/manual/#sect-macos-installation" echo "" ) >&2 diff --git a/src/libstore/build.cc b/src/libstore/build.cc index 0c25897f8..9ac5fd923 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -1950,8 +1950,11 @@ void linkOrCopy(const Path & from, const Path & to) /* Hard-linking fails if we exceed the maximum link count on a file (e.g. 32000 of ext3), which is quite possible after a 'nix-store --optimise'. FIXME: actually, why don't we just - bind-mount in this case? */ - if (errno != EMLINK) + bind-mount in this case? + + It can also fail with EPERM in BeegFS v7 and earlier versions + which don't allow hard-links to other directories */ + if (errno != EMLINK && errno != EPERM) throw SysError("linking '%s' to '%s'", to, from); copyPath(from, to); } diff --git a/src/libstore/builtins/fetchurl.cc b/src/libstore/builtins/fetchurl.cc index 1cfe4a46a..e630cf6f1 100644 --- a/src/libstore/builtins/fetchurl.cc +++ b/src/libstore/builtins/fetchurl.cc @@ -58,13 +58,16 @@ void builtinFetchurl(const BasicDerivation & drv, const std::string & netrcData) } }; + /* We always have one output, and if it's a fixed-output derivation (as + checked below) it must be the only output */ + auto & output = drv.outputs.begin()->second; + /* Try the hashed mirrors first. */ - if (getAttr("outputHashMode") == "flat") + if (output.hash && output.hash->method == FileIngestionMethod::Flat) for (auto hashedMirror : settings.hashedMirrors.get()) try { if (!hasSuffix(hashedMirror, "/")) hashedMirror += '/'; - auto ht = parseHashTypeOpt(getAttr("outputHashAlgo")); - auto h = Hash(getAttr("outputHash"), ht); + auto & h = output.hash->hash; fetch(hashedMirror + printHashType(*h.type) + "/" + h.to_string(Base16, false)); return; } catch (Error & e) { diff --git a/src/libstore/derivations.cc b/src/libstore/derivations.cc index 6c49075ba..42551ef6b 100644 --- a/src/libstore/derivations.cc +++ b/src/libstore/derivations.cc @@ -404,7 +404,7 @@ static DerivationOutput readDerivationOutput(Source & in, const Store & store) { auto path = store.parseStorePath(readString(in)); auto hashAlgo = readString(in); - const auto hash = readString(in); + auto hash = readString(in); std::optional<FixedOutputHash> fsh; if (hashAlgo != "") { @@ -413,7 +413,7 @@ static DerivationOutput readDerivationOutput(Source & in, const Store & store) method = FileIngestionMethod::Recursive; hashAlgo = string(hashAlgo, 2); } - const HashType hashType = parseHashType(hashAlgo); + auto hashType = parseHashType(hashAlgo); fsh = FixedOutputHash { .method = std::move(method), .hash = Hash(hash, hashType), @@ -463,11 +463,16 @@ Source & readDerivation(Source & in, const Store & store, BasicDerivation & drv) void writeDerivation(Sink & out, const Store & store, const BasicDerivation & drv) { out << drv.outputs.size(); - for (auto & i : drv.outputs) + for (auto & i : drv.outputs) { out << i.first - << store.printStorePath(i.second.path) - << i.second.hash->printMethodAlgo() - << i.second.hash->hash.to_string(Base16, false); + << store.printStorePath(i.second.path); + if (i.second.hash) { + out << i.second.hash->printMethodAlgo() + << i.second.hash->hash.to_string(Base16, false); + } else { + out << "" << ""; + } + } writeStorePaths(store, out, drv.inputSrcs); out << drv.platform << drv.builder << drv.args; out << drv.env.size(); diff --git a/src/libutil/archive.cc b/src/libutil/archive.cc index 6a8484705..51c88537e 100644 --- a/src/libutil/archive.cc +++ b/src/libutil/archive.cc @@ -262,7 +262,7 @@ static void parse(ParseSink & sink, Source & source, const Path & path) names[name] = 0; } } else if (s == "node") { - if (s.empty()) throw badArchive("entry name missing"); + if (name.empty()) throw badArchive("entry name missing"); parse(sink, source, path + "/" + name); } else throw badArchive("unknown field " + s); diff --git a/src/libutil/error.hh b/src/libutil/error.hh index a9da72b54..4e86666fe 100644 --- a/src/libutil/error.hh +++ b/src/libutil/error.hh @@ -82,7 +82,11 @@ struct ErrPos { origin = pos.origin; line = pos.line; column = pos.column; - file = pos.file; + // is file symbol null? + if (pos.file.set()) + file = pos.file; + else + file = ""; return *this; } diff --git a/src/libutil/hash.cc b/src/libutil/hash.cc index c8fcdfed0..01fae3044 100644 --- a/src/libutil/hash.cc +++ b/src/libutil/hash.cc @@ -19,7 +19,7 @@ namespace nix { void Hash::init() { - if (!type) abort(); + assert(type); switch (*type) { case htMD5: hashSize = md5HashSize; break; case htSHA1: hashSize = sha1HashSize; break; @@ -101,15 +101,15 @@ static string printHash32(const Hash & hash) string printHash16or32(const Hash & hash) { + assert(hash.type); return hash.to_string(hash.type == htMD5 ? Base16 : Base32, false); } -HashType assertInitHashType(const Hash & h) { - if (h.type) - return *h.type; - else - abort(); +HashType assertInitHashType(const Hash & h) +{ + assert(h.type); + return *h.type; } std::string Hash::to_string(Base base, bool includeType) const @@ -363,14 +363,15 @@ HashType parseHashType(const string & s) string printHashType(HashType ht) { switch (ht) { - case htMD5: return "md5"; break; - case htSHA1: return "sha1"; break; - case htSHA256: return "sha256"; break; - case htSHA512: return "sha512"; break; + case htMD5: return "md5"; + case htSHA1: return "sha1"; + case htSHA256: return "sha256"; + case htSHA512: return "sha512"; + default: + // illegal hash type enum value internally, as opposed to external input + // which should be validated with nice error message. + abort(); } - // illegal hash type enum value internally, as opposed to external input - // which should be validated with nice error message. - abort(); } } diff --git a/src/libutil/hash.hh b/src/libutil/hash.hh index 0d9916508..23259dced 100644 --- a/src/libutil/hash.hh +++ b/src/libutil/hash.hh @@ -10,7 +10,7 @@ namespace nix { MakeError(BadHash, Error); -enum HashType : char { htMD5, htSHA1, htSHA256, htSHA512 }; +enum HashType : char { htMD5 = 42, htSHA1, htSHA256, htSHA512 }; const int md5HashSize = 16; diff --git a/src/libutil/tests/logging.cc b/src/libutil/tests/logging.cc index 1bd90f009..221b1be1b 100644 --- a/src/libutil/tests/logging.cc +++ b/src/libutil/tests/logging.cc @@ -334,4 +334,22 @@ namespace nix { "what about this " ANSI_YELLOW "%3%" ANSI_NORMAL " " ANSI_YELLOW "one" ANSI_NORMAL); } + + /* ---------------------------------------------------------------------------- + * ErrPos + * --------------------------------------------------------------------------*/ + + TEST(errpos, invalidPos) { + + // contains an invalid symbol, which we should not dereference! + Pos invalid; + + // constructing without access violation. + ErrPos ep(invalid); + + // assignment without access violation. + ep = invalid; + + } + } diff --git a/tests/build-hook.nix b/tests/build-hook.nix index 8c5ca8cd3..a19c10dde 100644 --- a/tests/build-hook.nix +++ b/tests/build-hook.nix @@ -1,23 +1,39 @@ +{ busybox }: + with import ./config.nix; let + mkDerivation = args: + derivation ({ + inherit system; + builder = busybox; + args = ["sh" "-e" args.builder or (builtins.toFile "builder-${args.name}.sh" "if [ -e .attrs.sh ]; then source .attrs.sh; fi; eval \"$buildCommand\"")]; + } // removeAttrs args ["builder" "meta"]) + // { meta = args.meta or {}; }; + input1 = mkDerivation { - name = "build-hook-input-1"; - buildCommand = "mkdir $out; echo FOO > $out/foo"; + shell = busybox; + name = "build-remote-input-1"; + buildCommand = "echo FOO > $out"; requiredSystemFeatures = ["foo"]; }; input2 = mkDerivation { - name = "build-hook-input-2"; - buildCommand = "mkdir $out; echo BAR > $out/bar"; + shell = busybox; + name = "build-remote-input-2"; + buildCommand = "echo BAR > $out"; }; in mkDerivation { - name = "build-hook"; - builder = ./dependencies.builder0.sh; - input1 = " " + input1 + "/."; - input2 = " ${input2}/."; + shell = busybox; + name = "build-remote"; + buildCommand = + '' + read x < ${input1} + read y < ${input2} + echo $x$y > $out + ''; } diff --git a/tests/build-remote.sh b/tests/build-remote.sh index a550f4460..4dfb753e1 100644 --- a/tests/build-remote.sh +++ b/tests/build-remote.sh @@ -3,22 +3,29 @@ source common.sh clearStore if ! canUseSandbox; then exit; fi -if [[ ! $SHELL =~ /nix/store ]]; then exit; fi +if ! [[ $busybox =~ busybox ]]; then exit; fi -chmod -R u+w $TEST_ROOT/store0 || true -chmod -R u+w $TEST_ROOT/store1 || true -rm -rf $TEST_ROOT/store0 $TEST_ROOT/store1 +chmod -R u+w $TEST_ROOT/machine0 || true +chmod -R u+w $TEST_ROOT/machine1 || true +chmod -R u+w $TEST_ROOT/machine2 || true +rm -rf $TEST_ROOT/machine0 $TEST_ROOT/machine1 $TEST_ROOT/machine2 +rm -f $TEST_ROOT/result -nix build -f build-hook.nix -o $TEST_ROOT/result --max-jobs 0 \ - --sandbox-paths /nix/store --sandbox-build-dir /build-tmp \ - --builders "$TEST_ROOT/store0; $TEST_ROOT/store1 - - 1 1 foo" \ +unset NIX_STORE_DIR +unset NIX_STATE_DIR + +# Note: ssh://localhost bypasses ssh, directly invoking nix-store as a +# child process. This allows us to test LegacySSHStore::buildDerivation(). +nix build -L -v -f build-hook.nix -o $TEST_ROOT/result --max-jobs 0 \ + --arg busybox $busybox \ + --store $TEST_ROOT/machine0 \ + --builders "ssh://localhost?remote-store=$TEST_ROOT/machine1; $TEST_ROOT/machine2 - - 1 1 foo" \ --system-features foo -outPath=$TEST_ROOT/result +outPath=$(readlink -f $TEST_ROOT/result) -cat $outPath/foobar | grep FOOBAR +cat $TEST_ROOT/machine0/$outPath | grep FOOBAR -# Ensure that input1 was built on store1 due to the required feature. -p=$(readlink -f $outPath/input-2) -(! nix path-info --store $TEST_ROOT/store0 --all | grep builder-build-hook-input-1.sh) -nix path-info --store $TEST_ROOT/store1 --all | grep builder-build-hook-input-1.sh +# Ensure that input1 was built on store2 due to the required feature. +(! nix path-info --store $TEST_ROOT/machine1 --all | grep builder-build-remote-input-1.sh) +nix path-info --store $TEST_ROOT/machine2 --all | grep builder-build-remote-input-1.sh diff --git a/tests/common.sh.in b/tests/common.sh.in index dd7e61822..73fe77345 100644 --- a/tests/common.sh.in +++ b/tests/common.sh.in @@ -35,6 +35,7 @@ export xmllint="@xmllint@" export SHELL="@bash@" export PAGER=cat export HAVE_SODIUM="@HAVE_SODIUM@" +export busybox="@sandbox_shell@" export version=@PACKAGE_VERSION@ export system=@system@ diff --git a/tests/post-hook.sh b/tests/post-hook.sh index a02657215..aa3e6a574 100644 --- a/tests/post-hook.sh +++ b/tests/post-hook.sh @@ -2,6 +2,8 @@ source common.sh clearStore +rm -f $TEST_ROOT/result + export REMOTE_STORE=$TEST_ROOT/remote_store # Build the dependencies and push them to the remote store diff --git a/tests/recursive.sh b/tests/recursive.sh index 394ae5ddb..2d4f83895 100644 --- a/tests/recursive.sh +++ b/tests/recursive.sh @@ -5,6 +5,8 @@ if [[ $(uname) != Linux ]]; then exit; fi clearStore +rm -f $TEST_ROOT/result + export unreachable=$(nix add-to-store ./recursive.sh) nix --experimental-features 'nix-command recursive-nix' build -o $TEST_ROOT/result -L '( diff --git a/tests/structured-attrs.sh b/tests/structured-attrs.sh index 646bdb876..dcfe6d580 100644 --- a/tests/structured-attrs.sh +++ b/tests/structured-attrs.sh @@ -2,6 +2,8 @@ source common.sh clearStore +rm -f $TEST_ROOT/result + nix-build structured-attrs.nix -A all -o $TEST_ROOT/result [[ $(cat $TEST_ROOT/result/foo) = bar ]] |