Diffstat (limited to 'tests/ca')
-rw-r--r--tests/ca/build.sh69
-rw-r--r--tests/ca/common.sh1
-rw-r--r--tests/ca/content-addressed.nix77
-rwxr-xr-xtests/ca/nix-copy.sh34
-rw-r--r--tests/ca/signatures.sh39
-rw-r--r--tests/ca/substitute.sh24
6 files changed, 244 insertions, 0 deletions
diff --git a/tests/ca/build.sh b/tests/ca/build.sh
new file mode 100644
index 000000000..35bf1dcf7
--- /dev/null
+++ b/tests/ca/build.sh
@@ -0,0 +1,69 @@
+#!/usr/bin/env bash
+
+source common.sh
+
+drv=$(nix-instantiate --experimental-features ca-derivations ./content-addressed.nix -A rootCA --arg seed 1)
+nix --experimental-features 'nix-command ca-derivations' show-derivation --derivation "$drv" --arg seed 1
+
+buildAttr () {
+ local derivationPath=$1
+ local seedValue=$2
+ shift; shift
+ local args=("--experimental-features" "ca-derivations" "./content-addressed.nix" "-A" "$derivationPath" --arg seed "$seedValue" "--no-out-link")
+ args+=("$@")
+ nix-build "${args[@]}"
+}
+
+testRemoteCache () {
+ clearCache
+ local outPath=$(buildAttr dependentNonCA 1)
+ nix copy --to file://$cacheDir $outPath
+ clearStore
+ buildAttr dependentNonCA 1 --option substituters file://$cacheDir --no-require-sigs |& (! grep "building dependent-non-ca")
+}
+
+testDeterministicCA () {
+ [[ $(buildAttr rootCA 1) = $(buildAttr rootCA 2) ]]
+}
+
+testCutoffFor () {
+ local out1 out2
+ out1=$(buildAttr $1 1)
+ # The seed only changes the root derivation, and not it's output, so the
+ # dependent derivations should only need to be built once.
+ buildAttr rootCA 2
+ out2=$(buildAttr $1 2 -j0)
+ test "$out1" == "$out2"
+}
+
+testCutoff () {
+ # Don't directly build depenentCA, that way we'll make sure we dodn't rely on
+ # dependent derivations always being already built.
+ #testDerivation dependentCA
+ testCutoffFor transitivelyDependentCA
+ testCutoffFor dependentNonCA
+ testCutoffFor dependentFixedOutput
+}
+
+testGC () {
+ nix-instantiate --experimental-features ca-derivations ./content-addressed.nix -A rootCA --arg seed 5
+ nix-collect-garbage --experimental-features ca-derivations --option keep-derivations true
+ clearStore
+ buildAttr rootCA 1 --out-link $TEST_ROOT/rootCA
+ nix-collect-garbage --experimental-features ca-derivations
+ buildAttr rootCA 1 -j0
+}
+
+testNixCommand () {
+ clearStore
+ nix build --experimental-features 'nix-command ca-derivations' --file ./content-addressed.nix --no-link
+}
+
+# Disabled until we have it properly working
+# testRemoteCache
+clearStore
+testDeterministicCA
+clearStore
+testCutoff
+testGC
+testNixCommand
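Review bot: `testDeterministicCA` can pass vacuously, because `[[ $(buildAttr rootCA 1) = $(buildAttr rootCA 2) ]]` discards the exit status of both command substitutions and, if both builds fail and print nothing, compares two empty strings. The unquoted right-hand side is also matched as a glob pattern rather than as a literal path. Capture the paths first and require a non-empty result: `local out1 out2`, `out1=$(buildAttr rootCA 1) && out2=$(buildAttr rootCA 2) || return 1`, `[[ -n $out1 && $out1 == "$out2" ]]`. The same status masking affects `local outPath=$(buildAttr dependentNonCA 1)` in the currently disabled `testRemoteCache`, which also passes `--no-require-sigs` and should carry a comment explaining why before it is re-enabled.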
diff --git a/tests/ca/common.sh b/tests/ca/common.sh
new file mode 100644
index 000000000..e083d873c
--- /dev/null
+++ b/tests/ca/common.sh
@@ -0,0 +1 @@
+source ../common.sh
diff --git a/tests/ca/content-addressed.nix b/tests/ca/content-addressed.nix
new file mode 100644
index 000000000..e5b1c4de3
--- /dev/null
+++ b/tests/ca/content-addressed.nix
@@ -0,0 +1,77 @@
+with import ../config.nix;
+
+{ seed ? 0 }:
+# A simple content-addressed derivation.
+# The derivation can be arbitrarily modified by passing a different `seed`,
+# but the output will always be the same
+rec {
+ rootLegacy = mkDerivation {
+ name = "simple-input-addressed";
+ buildCommand = ''
+ set -x
+ echo "Building a legacy derivation"
+ mkdir -p $out
+ echo "Hello World" > $out/hello
+ '';
+ };
+ rootCA = mkDerivation {
+ name = "rootCA";
+ outputs = [ "out" "dev" "foo"];
+ buildCommand = ''
+ echo "building a CA derivation"
+ echo "The seed is ${toString seed}"
+ mkdir -p $out
+ echo ${rootLegacy}/hello > $out/dep
+ ln -s $out $out/self
+ # test symlinks at root
+ ln -s $out $dev
+ ln -s $out $foo
+ '';
+ __contentAddressed = true;
+ outputHashMode = "recursive";
+ outputHashAlgo = "sha256";
+ };
+ dependentCA = mkDerivation {
+ name = "dependent";
+ buildCommand = ''
+ echo "building a dependent derivation"
+ mkdir -p $out
+ cat ${rootCA}/self/dep
+ echo ${rootCA}/self/dep > $out/dep
+ '';
+ __contentAddressed = true;
+ outputHashMode = "recursive";
+ outputHashAlgo = "sha256";
+ };
+ transitivelyDependentCA = mkDerivation {
+ name = "transitively-dependent";
+ buildCommand = ''
+ echo "building transitively-dependent"
+ cat ${dependentCA}/dep
+ echo ${dependentCA} > $out
+ '';
+ __contentAddressed = true;
+ outputHashMode = "recursive";
+ outputHashAlgo = "sha256";
+ };
+ dependentNonCA = mkDerivation {
+ name = "dependent-non-ca";
+ buildCommand = ''
+ echo "Didn't cut-off"
+ echo "building dependent-non-ca"
+ mkdir -p $out
+ echo ${rootCA}/non-ca-hello > $out/dep
+ '';
+ };
+ dependentFixedOutput = mkDerivation {
+ name = "dependent-fixed-output";
+ outputHashMode = "recursive";
+ outputHashAlgo = "sha256";
+ outputHash = "sha256-QvtAMbUl/uvi+LCObmqOhvNOapHdA2raiI4xG5zI5pA=";
+ buildCommand = ''
+ cat ${dependentCA}/dep
+ echo foo > $out
+ '';
+
+ };
+}
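Review bot: The `outputHash` literal in `dependentFixedOutput` has no explanation, so anyone who later edits `echo foo > $out` gets a hash mismatch with no hint of where the value came from. A comment above it would help, for example `# recursive sha256 of the output written by buildCommand below; regenerate if that command changes`. The header comment "A simple content-addressed derivation" sits above the whole `rec` set but describes only `rootCA`; a one-line comment per attribute would make the fixtures readable without the shell scripts. That includes noting that `dependentNonCA` is deliberately input-addressed and that `rootCA` links to itself via `$out/self`.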
diff --git a/tests/ca/nix-copy.sh b/tests/ca/nix-copy.sh
new file mode 100755
index 000000000..2e0dea2d2
--- /dev/null
+++ b/tests/ca/nix-copy.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+source common.sh
+
+# Globally enable the ca derivations experimental flag
+sed -i 's/experimental-features = .*/& ca-derivations ca-references/' "$NIX_CONF_DIR/nix.conf"
+
+export REMOTE_STORE_DIR="$TEST_ROOT/remote_store"
+export REMOTE_STORE="file://$REMOTE_STORE_DIR"
+
+ensureCorrectlyCopied () {
+ attrPath="$1"
+ nix build --store "$REMOTE_STORE" --file ./content-addressed.nix "$attrPath"
+}
+
+testOneCopy () {
+ clearStore
+ rm -rf "$REMOTE_STORE_DIR"
+
+ attrPath="$1"
+ nix copy --to $REMOTE_STORE "$attrPath" --file ./content-addressed.nix
+
+ ensureCorrectlyCopied "$attrPath"
+
+ # Ensure that we can copy back what we put in the store
+ clearStore
+ nix copy --from $REMOTE_STORE \
+ --file ./content-addressed.nix "$attrPath" \
+ --no-check-sigs
+}
+
+for attrPath in rootCA dependentCA transitivelyDependentCA dependentNonCA dependentFixedOutput; do
+ testOneCopy "$attrPath"
+done
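Review bot: The copy-back in `testOneCopy` passes `--no-check-sigs` for every attribute, including `dependentNonCA`, which content-addressed.nix does not mark as content-addressed, so this script never shows whether an unsigned path would be rejected. A comment on that line should record that the bypass is deliberate, e.g. `# unsigned file:// store; signature verification is exercised in signatures.sh`. Separately, `attrPath="$1"` in both functions assigns the same global variable that the final `for` loop iterates over, so it should be `local attrPath=$1`. `$REMOTE_STORE` should also be quoted in the two `nix copy` calls, as it already is in `ensureCorrectlyCopied`.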
diff --git a/tests/ca/signatures.sh b/tests/ca/signatures.sh
new file mode 100644
index 000000000..4b4e468f7
--- /dev/null
+++ b/tests/ca/signatures.sh
@@ -0,0 +1,39 @@
+source common.sh
+
+# Globally enable the ca derivations experimental flag
+sed -i 's/experimental-features = .*/& ca-derivations ca-references/' "$NIX_CONF_DIR/nix.conf"
+
+clearStore
+clearCache
+
+nix-store --generate-binary-cache-key cache1.example.org $TEST_ROOT/sk1 $TEST_ROOT/pk1
+pk1=$(cat $TEST_ROOT/pk1)
+
+export REMOTE_STORE_DIR="$TEST_ROOT/remote_store"
+export REMOTE_STORE="file://$REMOTE_STORE_DIR"
+
+ensureCorrectlyCopied () {
+ attrPath="$1"
+ nix build --store "$REMOTE_STORE" --file ./content-addressed.nix "$attrPath"
+}
+
+testOneCopy () {
+ clearStore
+ rm -rf "$REMOTE_STORE_DIR"
+
+ attrPath="$1"
+ nix copy --to $REMOTE_STORE "$attrPath" --file ./content-addressed.nix \
+ --secret-key-files "$TEST_ROOT/sk1"
+
+ ensureCorrectlyCopied "$attrPath"
+
+ # Ensure that we can copy back what we put in the store
+ clearStore
+ nix copy --from $REMOTE_STORE \
+ --file ./content-addressed.nix "$attrPath" \
+ --trusted-public-keys $pk1
+}
+
+for attrPath in rootCA dependentCA transitivelyDependentCA dependentNonCA dependentFixedOutput; do
+ testOneCopy "$attrPath"
+done
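Review bot: `testOneCopy` covers only the accepting case: the copy-back always runs with `--trusted-public-keys $pk1`, the key that signed the upload, so the test would still pass if signatures were never checked at all. A negative case is missing. Generate a second key pair with the same `nix-store --generate-binary-cache-key` call and assert that copying back with only that public key trusted exits non-zero, at least for the input-addressed `dependentNonCA`; whether the content-addressed outputs should also be rejected is not visible from this hunk. The key expansions should be quoted as well, `pk1=$(cat "$TEST_ROOT/pk1")` and `--trusted-public-keys "$pk1"`, and the file lacks the `#!/usr/bin/env bash` line the other scripts in this commit start with.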
diff --git a/tests/ca/substitute.sh b/tests/ca/substitute.sh
new file mode 100644
index 000000000..b44fe499a
--- /dev/null
+++ b/tests/ca/substitute.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+# Ensure that binary substitution works properly with ca derivations
+
+source common.sh
+
+sed -i 's/experimental-features .*/& ca-derivations ca-references/' "$NIX_CONF_DIR"/nix.conf
+
+rm -rf $TEST_ROOT/binary_cache
+
+export REMOTE_STORE=file://$TEST_ROOT/binary_cache
+
+buildDrvs () {
+ nix build --file ./content-addressed.nix -L --no-link "$@"
+}
+
+# Populate the remote cache
+clearStore
+buildDrvs --post-build-hook ../push-to-store.sh
+
+# Restart the build on an empty store, ensuring that we don't build
+clearStore
+buildDrvs --substitute --substituters $REMOTE_STORE --no-require-sigs -j0
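Review bot: `rm -rf $TEST_ROOT/binary_cache` is unquoted and unguarded, so if `TEST_ROOT` is empty or unset it becomes `rm -rf /binary_cache`, and a value containing whitespace would delete unintended paths; use `rm -rf -- "${TEST_ROOT:?}/binary_cache"`. The `sed` pattern here (`experimental-features .*`) differs from the `experimental-features = .*` used in nix-copy.sh and signatures.sh, and in all three scripts a line that does not match leaves nix.conf unchanged without any error. The final `buildDrvs` call passes `--no-require-sigs`, so this test establishes substitution only with signature checking switched off; a comment stating that this is intended would prevent it being read as coverage of the trust path.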
+