aboutsummaryrefslogtreecommitdiff
path: root/tests
AgeCommit message (Collapse)Author
2019-05-12build: add test for sandboxed --checkDaiderd Jordan
2019-05-08fix hashfile test that wasn't failing due to eval lazinessWill Dietz
See: https://github.com/NixOS/nix/commit/7becb1bf1c2ec1544a5374580a97b36273506baf#r33450554
2019-05-03Add builtins.hashFileDaniel Schaefer
For text files it is possible to do it like so: `builtins.hashString "sha256" (builtins.readFile /tmp/a)` but that doesn't work for binary files. With builtins.hashFile any kind of file can be conveniently hashed.
2019-03-27Update eval-okay-types.exp to match #1828Eelco Dolstra
2019-03-24Add isPath primopzimbatm
this is added for completeness' sake since all the other possible `builtins.typeOf` results have a corresponding `builtins.is<Type>`
2019-03-10Update tests to the new --roots formatGuillaume Maudoux
2019-03-04Restore --init calls in testsEelco Dolstra
2019-02-22remove noop uses of nix-store --initzimbatm
the nix-store --init command is a noop apparently
2019-01-31Add builtins.appendContext.Shea Levy
A partner of builtins.getContext, useful for the same reasons.
2019-01-14Add builtins.getContext.Shea Levy
This can be very helpful when debugging, as well as enabling complex black magic like surgically removing a single dependency from a string's context.
2018-12-14tests/fetchurl: fix after changing default hash from 512 to 256Will Dietz
2018-12-13Support SRI hashesEelco Dolstra
SRI hashes (https://www.w3.org/TR/SRI/) combine the hash algorithm and a base-64 hash. This allows more concise and standard hash specifications. For example, instead of import <nix/fetchurl.nl> { url = https://nixos.org/releases/nix/nix-2.1.3/nix-2.1.3.tar.xz; sha256 = "5d22dad058d5c800d65a115f919da22938c50dd6ba98c5e3a183172d149840a4"; }; you can write import <nix/fetchurl.nl> { url = https://nixos.org/releases/nix/nix-2.1.3/nix-2.1.3.tar.xz; hash = "sha256-XSLa0FjVyADWWhFfkZ2iKTjFDda6mMXjoYMXLRSYQKQ="; }; In fixed-output derivations, the outputHashAlgo is no longer mandatory if outputHash specifies the hash (either as an SRI or in the old "<type>:<hash>" format). 'nix hash-{file,path}' now print hashes in SRI format by default. I also reverted them to use SHA-256 by default because that's what we're using most of the time in Nixpkgs. Suggested by @zimbatm.
2018-11-20Merge branch 'better-git-cache' of https://github.com/graham-at-target/nixEelco Dolstra
2018-11-07Enable sandboxing by defaultEelco Dolstra
Closes #179.
2018-10-27Restore old (dis)allowedRequisites behaviour for self-referencesEelco Dolstra
stdenv relies on this. So ignore self-references (but only in legacy non-structured attributes mode).
2018-10-23Per-output reference and closure size checksEelco Dolstra
In structured-attributes derivations, you can now specify per-output checks such as: outputChecks."out" = { # The closure of 'out' must not be larger than 256 MiB. maxClosureSize = 256 * 1024 * 1024; # It must not refer to C compiler or to the 'dev' output. disallowedRequisites = [ stdenv.cc "dev" ]; }; outputChecks."dev" = { # The 'dev' output must not be larger than 128 KiB. maxSize = 128 * 1024; }; Also fixed a bug in allowedRequisites that caused it to ignore self-references.
2018-10-08Merge pull request #2452 from ElvishJerricco/verify-sigs-overflowEelco Dolstra
Fix overflow when verifying signatures of content addressable paths
2018-09-28Check requiredSystemFeatures for local buildsEelco Dolstra
For example, this prevents a "kvm" build on machines that don't have KVM. Fixes #2012.
2018-09-25Add a test for signed content-addressed pathsWill Fancher
2018-09-10Prefer 'remote builder' over 'slave'Graham Christensen
2018-08-19FIx floating point evaluationEelco Dolstra
Fixes #2361.
2018-08-17fetchGit: use a better caching schemeGraham Christensen
The current usage technically works by putting multiple different repos in to the same git directory. However, it is very slow as Git tries very hard to find common commits between the two repositories. If the two repositories are large (like Nixpkgs and another long-running project,) it is maddeningly slow. This change busts the cache for existing deployments, but users will be promptly repaid in per-repository performance.
2018-08-06Require libbrotliEelco Dolstra
2018-08-03Add a test for LegacySSHStore that doesn't require a VMEelco Dolstra
2018-08-03Merge pull request #2326 from aszlig/fix-symlink-leakEelco Dolstra
Fix symlink leak in restricted eval mode
2018-08-03Fix symlink leak in restricted eval modeaszlig
In EvalState::checkSourcePath, the path is checked against the list of allowed paths first and later it's checked again *after* resolving symlinks. The resolving of the symlinks is done via canonPath, which also strips out "../" and "./". However after the canonicalisation the error message pointing out that the path is not allowed prints the symlink target in the error message. Even if we'd suppress the message, symlink targets could still be leaked if the symlink target doesn't exist (in this case the error is thrown in canonPath). So instead, we now do canonPath() without symlink resolving first before even checking against the list of allowed paths and then later do the symlink resolving and checking the allowed paths again. The first call to canonPath() should get rid of all the "../" and "./", so in theory the only way to leak a symlink if the attacker is able to put a symlink in one of the paths allowed by restricted evaluation mode. For the latter I don't think this is part of the threat model, because if the attacker can write to that path, the attack vector is even larger. Signed-off-by: aszlig <aszlig@nix.build>
2018-08-02Allows selectively adding environment variables to pure shells.Samuel Dionne-Riel
Includes documentation and test.
2018-07-05lib.concatMap and lib.mapAttrs to be builtinsvolth
2018-07-03tests/search.sh: minor fix to unbreak tests after search ux mergeWill Dietz
2018-07-03Add a fromTOML primopEelco Dolstra
This is primarily useful for processing Cargo.lock files.
2018-06-06tests: more robust check for user namespaces availability (canUseSandbox)Aleksandr Pashkov
Issue https://github.com/NixOS/nix/issues/2165
2018-06-05Don't require --fallback to recover from disappeared binary cache NARsEelco Dolstra
2018-06-05Improve binary cache fallback testEelco Dolstra
2018-06-05Remove non-existent NIX_DEBUG_SUBSTEelco Dolstra
2018-05-30Modularize config settingsEelco Dolstra
Allow global config settings to be defined in multiple Config classes. For example, this means that libutil can have settings and evaluator settings can be moved out of libstore. The Config classes are registered in a new GlobalConfig class to which config files etc. are applied. Relevant to https://github.com/NixOS/nix/issues/2009 in that it removes the need for ad hoc handling of useCaseHack, which was the underlying cause of that issue.
2018-05-24add docs and testsvolth
2018-05-11Don't return negative numbers from the flex tokenizerEelco Dolstra
Fixes #1374. Closes #2129.
2018-05-02Fix builtins.add testEelco Dolstra
Nix prints the floating point number 4.0 as "4".
2018-04-29add tests for builtins.addTim Sears
2018-04-23Merge branch 'pos-crash-fix' of git://github.com/dezgeg/nixShea Levy
2018-04-23Merge branch 'add-test-eval-okay-nested-with' of ↵Shea Levy
git://github.com/ryantrinkle/nix
2018-04-18add tests for multi searchDaniel Poelzleithner
2018-04-09Merge branch 'fix/ruby-shebang' of git://github.com/samueldr/nixShea Levy
2018-04-09Hardcodes `nix-shell` instead of `/usr/bin/env nix-shell`...Samuel Dionne-Riel
... in the ruby shebang test.
2018-04-08Adds `nix-shell` test for special-cased ruby interpreter.Samuel Dionne-Riel
The test fakes the interpreter only to verify the arguments it would be given.
2018-04-06Add missing eval-okay-regex-split.exp test fileDoug Beardsley
2018-04-03libexpr: Make unsafeGetAttrPos not crash on noPosTuomas Tynkkynen
Currently e.g. `builtins.unsafeGetAttrPos "abort" builtins` will eventually segfault because pos->file is an unset Symbol. Found by afl-fuzz.
2018-03-30Add test eval-okay-nested-withRyan Trinkle
2018-03-16nix-shell: allow symlinks to .drvsLinus Heckemann
This makes persistent shell environments easier to use.
2018-03-16Merge pull request #1939 from dezgeg/lexer-fixEelco Dolstra
libexpr: Recognize newline in more places in lexer