aboutsummaryrefslogtreecommitdiff
path: root/tests/binary-cache.sh
AgeCommit message (Collapse)Author
2022-03-24Add a test for fetchClosure and 'nix store make-content-addressed'Eelco Dolstra
2022-01-18Add a test for 'nix store copy-log' and 'nix log'Eelco Dolstra
2021-07-27Allow running all the tests with the daemonregnat
When `NIX_DAEMON_PACKAGE` is set, make all the tests use the Nix daemon. That way we can test every piece of Nix functionality both with and without the daemon. Tests for which using the daemon isn’t possible or doesn’t make sens can selectively be disabled with `needLocalStore`
2021-02-09Revert "narinfo: Change NAR URLs to be addressed on the NAR hash instead of ↵Graham Christensen
the compressed hash"
2021-02-09Merge pull request #4464 from tweag/nar-narhash-addressedEelco Dolstra
narinfo: Change NAR URLs to be addressed on the NAR hash instead of the compressed hash
2021-01-21narinfo: Change NAR URLs to be addressed on the NAR hash instead of the ↵adisbladis
compressed hash This change is to simplify [Trustix](https://github.com/tweag/trustix) indexing and makes it possible to reconstruct this URL regardless of the compression used. In particular this means that https://github.com/tweag/trustix/blob/7c2e9ca597de233846e0b265fb081626ca6c59d8/contrib/nix/nar/nar.go#L61-L71 can be removed and only the bits that are required to establish trust needs to be published in the Trustix build logs.
2021-01-15Merge remote-tracking branch 'upstream/master' into non-local-store-buildJohn Ericson
2021-01-06Make sodium a required dependencyEelco Dolstra
2021-01-06Add commands for generating secret/public keysEelco Dolstra
2020-12-23Test nix-instantiate with binary cache storeJohn Ericson
Trying to make sure it work with obscurers stores.
2020-12-03Move most store-related commands to 'nix store'Eelco Dolstra
2020-12-03Move NAR-related commands to 'nix nar'Eelco Dolstra
2020-11-17Remove stray debug statementEelco Dolstra
This was causing a failure on macOS. https://hydra.nixos.org/build/130354318
2020-10-26Fix testEelco Dolstra
2020-10-18Tests for #3964Robert Hensing
2020-08-07Fix .ls file names in binary cachesEelco Dolstra
These are not supposed to include the 'name' part of the store path. This was broken by 759947bf72.
2020-08-04Make JSON equality tests agnostic to orderingJohn Ericson
It is in fact more sorted than before, but I don't think we want to guarantee anything about the ordering.
2020-07-13Add a test for local NAR cachingEelco Dolstra
2020-07-13Fix 'nix verify --all' on a binary cache and add a testEelco Dolstra
2020-07-13Add a test for DWARF debug info index generationEelco Dolstra
2020-07-13Add a test for NAR listing generationEelco Dolstra
2020-05-12tests/binary-cache.sh: Improve incomplete closure testEelco Dolstra
Issue #3373.
2020-03-24Misc changes from the flakes branchEelco Dolstra
2018-06-05Don't require --fallback to recover from disappeared binary cache NARsEelco Dolstra
2018-06-05Improve binary cache fallback testEelco Dolstra
2018-06-05Remove non-existent NIX_DEBUG_SUBSTEelco Dolstra
2017-11-20Test: Replace --option with the corresponding flagEelco Dolstra
2017-11-20signed-binary-caches -> require-sigsEelco Dolstra
Unlike signed-binary-caches (which could only be '*' or ''), require-sigs is a proper Boolean option. The default is true.
2017-11-20binary-cache-public-keys -> trusted-public-keysEelco Dolstra
The name had become a misnomer since it's not only for substitution from binary caches, but when adding/copying any (non-content-addressed) path to a store.
2017-10-24More progress indicator improvementsEelco Dolstra
In particular, don't show superfluous "fetching path" and "building path(s)" messages, and show the current round (with --repeat).
2017-10-02Fix testsDan Peebles
`nix copy` no longer accepts a `--recursive` argument
2017-03-21Fix tests to reflect the signed-binary-caches default changeEelco Dolstra
2016-08-10Nuke nix-push.Shea Levy
Rarely used, nix copy replaces it.
2016-06-01HttpBinaryCacheStore: Fix caching of WantMassQueryEelco Dolstra
Also, test HttpBinaryCacheStore in addition to LocalBinaryCacheStore.
2016-05-30Test trying the next substitute after a bad signatureEelco Dolstra
2016-05-30Test the NAR info cacheEelco Dolstra
2016-05-30Re-implement binary cache signature checkingEelco Dolstra
This is now done in LocalStore::addToStore(), rather than in the binary cache substituter (which no longer exists).
2016-05-30LocalStore::addToStore: Verify hash of the imported pathEelco Dolstra
2016-04-11Remove manifest supportEelco Dolstra
Manifests have been superseded by binary caches for years. This also gets rid of nix-pull, nix-generate-patches and bsdiff/bspatch.
2015-02-18nix-store --generate-binary-cache-key: Write key to diskEelco Dolstra
This ensures proper permissions for the secret key.
2015-02-10Make libsodium an optional dependencyEelco Dolstra
2015-02-04Use libsodium instead of OpenSSL for binary cache signingEelco Dolstra
Sodium's Ed25519 signatures are much shorter than OpenSSL's RSA signatures. Public keys are also much shorter, so they're now specified directly in the nix.conf option ‘binary-cache-public-keys’. The new command ‘nix-store --generate-binary-cache-key’ generates and prints a public and secret key.
2014-02-26Test executables in NARsEelco Dolstra
2014-02-17Add a test for repairing pathsEelco Dolstra
2014-01-08Fix signed-binary-caches testEelco Dolstra
2014-01-08Test whether Nix correctly checks the hash of downloaded NARsEelco Dolstra
2014-01-08Support cryptographically signed binary cachesEelco Dolstra
NAR info files in binary caches can now have a cryptographic signature that Nix will verify before using the corresponding NAR file. To create a private/public key pair for signing and verifying a binary cache, do: $ openssl genrsa -out ./cache-key.sec 2048 $ openssl rsa -in ./cache-key.sec -pubout > ./cache-key.pub You should also come up with a symbolic name for the key, such as "cache.example.org-1". This will be used by clients to look up the public key. (It's a good idea to number keys, in case you ever need to revoke/replace one.) To create a binary cache signed with the private key: $ nix-push --dest /path/to/binary-cache --key ./cache-key.sec --key-name cache.example.org-1 The public key (cache-key.pub) should be distributed to the clients. They should have a nix.conf should contain something like: signed-binary-caches = * binary-cache-public-key-cache.example.org-1 = /path/to/cache-key.pub If all works well, then if Nix fetches something from the signed binary cache, you will see a message like: *** Downloading ‘http://cache.example.org/nar/7dppcj5sc1nda7l54rjc0g5l1hamj09j-subversion-1.7.11’ (signed by ‘cache.example.org-1’) to ‘/nix/store/7dppcj5sc1nda7l54rjc0g5l1hamj09j-subversion-1.7.11’... On the other hand, if the signature is wrong, you get a message like NAR info file `http://cache.example.org/7dppcj5sc1nda7l54rjc0g5l1hamj09j.narinfo' has an invalid signature; ignoring Signatures are implemented as a single line appended to the NAR info file, which looks like this: Signature: 1;cache.example.org-1;HQ9Xzyanq9iV...muQ== Thus the signature has 3 fields: a version (currently "1"), the ID of key, and the base64-encoded signature of the SHA-256 hash of the contents of the NAR info file up to but not including the Signature line. Issue #75.
2013-07-01Add support for uncompressed NARs in binary cachesEelco Dolstra
Issue NixOS/hydra#102.
2013-04-23Test whether --fallback works if NARS have disappeared from the binary cacheEelco Dolstra
2013-04-23Test NAR info cachingEelco Dolstra
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-22 21:44:08 +0000