Commit graph

1834 commits

Author SHA1 Message Date
puck 6f36a8834c Copy the output of fixed-output derivations before registering them
It is possible to exfiltrate a file descriptor out of the build sandbox
of FODs, and use it to modify the store path after it has been
registered. To avoid that issue, don't register the output of the build,
but a copy of it (that will be free of any leaked file descriptor).

Test that we can't leverage abstract unix domain sockets to leak file
descriptors out of the sandbox and modify the path after it has been
registered.

(cherry picked from commit 2dadfeb690e7f4b8f97298e29791d202fdba5ca6)
(tests cherry picked from commit c854ae5b3078ac5d99fa75fe148005044809e18c)

Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
Co-authored-by: Theophane Hufschmitt <theophane.hufschmitt@tweag.io>
Co-authored-by: Tom Bereknyei <tomberek@gmail.com>

Change-Id: I87cd58f1c0a4f7b7a610d354206b33301e47b1a4
2024-03-07 01:44:58 +00:00
eldritch horrors 2e1f5e2666 Merge pull request #9105 from Ericson2314/split-out-nixos-tests
Define NixOS tests in `tests/nixos/default.nix` rather than `flake.nix`

(cherry picked from commit c29b8ba142a0650d1182ca838ddc1b2d273dcd2a)
Change-Id: Ieae1b6476d95024485df7067e008013bc5542039
2024-03-05 21:11:59 +01:00
eldritch horrors 96a3683308 Ban building Nix with NDEBUG
When reviewing old PRs, I found that #9997 adds some code to ensure one
particular assert is always present. But, removing asserts isn't
something we do in our own release builds either in the flake here or in
nixpkgs, and is plainly a bad idea that increases support burden,
especially if other distros make bad choices of build flags in their Nix
packaging.

For context, the assert macro in the C standard is defined to do nothing
if NDEBUG is set.

There is no way in our build system to set -DNDEBUG without manually
adding it to CFLAGS, so this is simply a configuration we do not use.
Let's ban it at compile time.

I put this preprocessor directive in src/libutil.cc because it is not
obvious where else to put it, and it seems like the most logical file
since you are not getting a usable nix without it.

Upstream-PR: https://github.com/NixOS/nix/pull/10126
Original-Change-Id: I513cceaac1371decb3d96231e6ef9181c910c218
Change-Id: I531a51f6348a746e8e41d88203b08f614898356c
2024-03-04 09:24:58 +01:00
eldritch horrors 647d762ab5 Merge pull request #9933 from pennae/debugger-fix
fix debugger crashing while printing envs

(cherry picked from commit 9b8b4860913afdb7f9cb1e1e81f9a9dd192cd1c1)
Change-Id: Ica6a17e4b3e3b8b8093719f442c28be7f13be09d
2024-03-04 08:57:44 +01:00
eldritch horrors 9ef32cf3b8 Merge pull request #9930 from rvl/print-dev-env-unbound-variables
print-dev-env: Avoid using unbound shellHook variable
(cherry picked from commit 25385a408ef7281d966c8732608833e224b32586)
Change-Id: Id1aca13942adfa628f7bdcfc0b6fc03bb3bab9ea
2024-03-04 08:51:49 +01:00
eldritch horrors 74272a9bc4 Merge pull request #9861 from 9999years/colored-diff-in-lang-tests
Color `diff` output in `tests/functional/lang` tests

(cherry picked from commit 1dc55c0f2f034bce6e3de4a5cda96d686b10a7f8)
Change-Id: Ie9b3fc3446bd3caa0fd8885de88639516a2ff862
2024-03-04 08:50:00 +01:00
eldritch horrors 2bb0a06346 Merge pull request #9841 from obsidiansystems/float-speed-factor
Convert `Machine::speedFactor` from a non-neg int to a non-neg float

(cherry picked from commit 69d0ae27e376e7c7c4f237716b0149223b8a805a)
Change-Id: I2afb5cf9e4fe1384985c58353946135c3d102b42
2024-03-04 08:40:38 +01:00
eldritch horrors 044c117a9f Merge pull request #9481 from iFreilicht/disallow-nix-search-without-search-terms
nix search: Disallow empty regex

(cherry picked from commit 1c260fa6d1f47d83954792771d0614db163cc3bc)
Change-Id: Iaaf3605c24a342fcb05d0b534a9f305533d3b5fa
2024-03-04 08:40:12 +01:00
eldritch horrors b6bb869e52 Merge pull request #9632 from cole-h/nix-daemon-testing
Use `nix daemon` in the test suite

(cherry picked from commit e6e160a0758c0354ed810b0ec9846ed885adcc11)
Change-Id: I537a25d3d48f609cd77b2c3a8ad68e87aebabfe8
2024-03-04 08:17:32 +01:00
eldritch horrors e81ee8b337 Merge pull request #9785 from hercules-ci/test-substring-negative
tests/functional/lang: Test substring with negative length

(cherry picked from commit 86156d05dd33f856d8804f89669a7fe9b81f1a0d)
Change-Id: I2e2086027a43f8111ba5068ac16590eaa0b798d4
2024-03-04 08:07:16 +01:00
eldritch horrors 2c85fcce87 Merge pull request #9747 from awakesecurity/mz/fix-quadratic-splitString
Fix performance of builtins.substring for empty substrings

(cherry picked from commit b2deff1947c2fe57fdbf1a472eb9003eb407f8d3)
Change-Id: I4ddfc8d26a4781c9520fff9807849a073ee7bed8
2024-03-04 08:06:36 +01:00
eldritch horrors e310bbf913 Merge pull request #8043 from bobvanderlinden/pr-shell-env
nix: develop: use SHELL from rc script
(cherry picked from commit 0d55d660d5ea081630aa9606b047eb755cff1528)
Change-Id: I83be6c63b282d7f01a0defa78d9e787c77f1f02d
2024-03-04 07:59:32 +01:00
eldritch horrors 180984178d Merge pull request #9648 from cole-h/nix-shell-ordering
nix shell: reflect command line order in PATH order

(cherry picked from commit b91c935c2faf08ced2c763dcd2a831f26d84fa86)
Change-Id: If16c120bb74857c2817366e74e5b0877eb997260
2024-03-04 07:50:55 +01:00
eldritch horrors 5f2eaa1b35 Merge pull request #9662 from shlevy/flat-fixed-references-assert
Improve error message for fixed-outputs with references.

(cherry picked from commit ff6de4a9ee6c3862db9ee5f09ff9c3f43ae7a088)
Change-Id: I733c49760b9a3f1b76a6bece3b250b8579cd6cac
2024-03-04 07:50:02 +01:00
eldritch horrors 96f1a404d0 Merge pull request #9617 from 9999years/stack-overflow-segfault
Fix segfault on infinite recursion in some cases

(cherry picked from commit bf1b294bd81ca76c5ec9fe3ecd52196bf52a8300)
Change-Id: Id137541426ec8536567835953fccf986a3aebf16
2024-03-04 07:35:20 +01:00
eldritch horrors 859da103ae Merge pull request #9637 from 9999years/fix-logging-test-on-macos
Fix `logging.sh` test on macOS

(cherry picked from commit 94a03a810e948f65776c3386d9a5234db551dc9e)
Change-Id: I65dde18ee53ccded31790e0cf1f836c3ad6dc492
2024-03-04 07:26:34 +01:00
eldritch horrors 2ddf453e0d Merge pull request #9619 from 9999years/remove-blank-lines-in-errors
Remove some blank lines from stack traces

(cherry picked from commit cea83544362bd6426e9bc0b7dd0d611c19b0e3fd)
Change-Id: Ic1af8b09e9994d3c69fd3b37ae47a4bb786a15a1
2024-03-04 07:23:44 +01:00
eldritch horrors 7614aa9797 Merge pull request #4093 from matthewbauer/eval-system
Add eval-system option

(cherry picked from commit 071dbbee33af9f27338c3e53e4ea067dbfa14010)
Change-Id: Ia81358c8cfb60241da07a4d0e84b9ee62a18a53f
2024-03-04 07:21:01 +01:00
eldritch horrors 13f78c557b Merge pull request #9589 from obsidiansystems/floating-content-addressing-derivations-eval-store
Fix building CA derivations with and eval store

(cherry picked from commit dfc0cee7024a082d90a4f68296f55a82dfd52126)
Change-Id: I28feb5a36d4fe75f0ed3e3e2db6eb56b67d0f371
2024-03-04 07:15:08 +01:00
eldritch horrors 2ba9788003 Merge pull request #9555 from 9999years/positions-in-errors
Pass positions when evaluating

(cherry picked from commit c8458bd731eb1c74159bebe459ea00165e056b65)
Change-Id: I1b4a5d58973be6264ffdb23b4492da200fdb71be
2024-03-04 07:11:25 +01:00
eldritch horrors e9243c849a Merge pull request #9529 from wh0/patch-1
tests: avoid a chroot store without sandbox support
(cherry picked from commit 5910140f252280f6be429d1cb5e91e69999f5b43)
Change-Id: Ic2255261334012f36a465a96073f50669952dc26
2024-03-04 07:11:25 +01:00
eldritch horrors 4018fcb9b8 Merge pull request #9233 from bouk/bouk/apply-config-inner
config: add included files into parsedContents before applying
(cherry picked from commit 82359eba6b692691ef08a71196ef25a61bc4d3d3)
Change-Id: Idde3177010fec7b8bafe6088c3c23d5caf491845
2024-03-04 07:11:25 +01:00
eldritch horrors a089d8f5f6 Merge pull request #9465 from obsidiansystems/build-dir
Use `buildprefix` in a few more places

(cherry picked from commit b6a3fde6b7a416929553e6be36fc991680ddf9ef)
Change-Id: I2790663fa9f8242ac2db6582b7e421d2fdf42942
2024-03-04 07:11:25 +01:00
eldritch horrors c208e918e5 fix: nlohmann::adl_serializer for std::optional (#9147)
This allows templates such as `NLOHMANN_DEFINE_TYPE_*` templates and other generators with things like `std::vector<std::optional<T>>`.

Co-authored-by: John Ericson <John.Ericson@Obsidian.Systems>
(cherry picked from commit 02bd821f2e71372d31bbe6700bd68086cc2ee70a)
Change-Id: I8b0ebcf2af4226610dadd565962f2d2327415a03
2024-03-04 07:11:25 +01:00
eldritch horrors 340a6cf977 Merge pull request #9257 from Artturin/nixenvjsondrvpath
`nix-env --query`: fix `--json` ignoring `--drv-path`

(cherry picked from commit 516e7ddc41f39ff939b5d5b5dc71e590f24890d4)
Change-Id: I84b5bccea9d0383e2e74544743b703942e7be547
2024-03-04 05:59:15 +01:00
eldritch horrors 3f3badffc9 Merge pull request #9395 from nbraud/buitlins
builtins.concatMap: Fix typo in error message

(cherry picked from commit 4292d997568eb30503e287f98e24821ff0bc2816)
Change-Id: Ia33d1b02e41f699ef0c8c2d6487c9f70b2cc8cf4
2024-03-04 05:56:04 +01:00
eldritch horrors 5e182235cb Merge pull request #7348 from thufschmitt/dont-use-vlas
Remove the usage of VLAs in the code

(cherry picked from commit ac4431e9d016e62fb5dc9ae36833bd0c6cdadeec)
Change-Id: Ifbf5fbfc2e27122362a2aaea4b62c7cf3ca46b1a
2024-03-04 05:51:23 +01:00
eldritch horrors 1b135e6e7b Fix boost::bad_format_string exception in builtins.addErrorContext (#9291)
* Fix boost::bad_format_string exception in builtins.addErrorContext

The message passed to addTrace was incorrectly being used as a format
string and this this would cause an exception when the string contained
a '%', which can be hit in places where arbitrary file paths are
interpolated.

* add test

(cherry picked from commit 61d6fe059e959455e156c1d57bb91155d363e983)
Change-Id: Idd671127a9c1ccc8b94e58e727632fcc064f3cbe
2024-03-04 05:39:12 +01:00
eldritch horrors 8ed486ebe6 Merge pull request #9225 from drupol/nixpkgs-pr-107251/make-gnutar-reproducible
fix: make sure `tar` reproducibility flags are set
(cherry picked from commit 28dddde0aca978114eaef00a14a2ab14b2459f4a)
Change-Id: I57c4d4374f5195099e6d763827b6d7d05785b3a8
2024-03-04 05:34:19 +01:00
eldritch horrors 2633ca3f88 Merge pull request #9288 from edolstra/fix-nar-access-test
Fix nar-access test on macOS

(cherry picked from commit e9a857e4189241d23111e18e284ab7ac9d56b798)
Change-Id: I2fd2ec3e6ccb88350bdcd2ba15ccfd77275399c9
2024-03-04 05:27:18 +01:00
eldritch horrors 7ff1dca1fa Merge pull request #9247 from obsidiansystems/derivation-test-with-files
Turn derivation unit tests into unit characterization tests

(cherry picked from commit a6e587923c9d5d716fe0f0049bed96d1cc210bff)
Change-Id: Ia2a2e65aabfee8d5d52142b8fdaacbae4a27242c
2024-03-04 05:21:10 +01:00
eldritch horrors ea10088703 Merge pull request #9216 from obsidiansystems/addDrvOutputDependencies-pre
Add `builtins.addDrvOutputDependencies`

(cherry picked from commit a58d7f143ec995a45745c2176bfebcc3e011db58)
Change-Id: Ia5a1790bf29dfaf29287cc35cdae6b6d650e7a83
2024-03-04 05:06:56 +01:00
eldritch horrors 032eff7f69 Merge pull request #8470 from ncfavier/shebang-single-quotes
nix-shell: support single quotes in shebangs, fix whitespace parsing
(cherry picked from commit 3b99c6291377cbd22607896af9dfafa857d2f2dc)
Change-Id: I2a431b21c3467eefa1ef95d5a36d672f45b6937a
2024-03-04 05:06:32 +01:00
eldritch horrors 7f590ea709 Merge pull request #6223 from obsidiansystems/worker-proto-with-version
Give `nix daemon` and `nix-store --serve` protocols separate serializers with version info

(cherry picked from commit 8b68bbb77745fda0d14939b6c23d31cc89da41ce)
Change-Id: Ia3d3b9fbaf9f0ae62ab225020b7d14790e793655
2024-03-04 04:59:31 +01:00
Robert Hensing ab40b2c5d0 Merge pull request #9157 from obsidiansystems/protocol-versions
Add protocol versions to `{Worker,Serve}Proto::*Conn`

(cherry picked from commit 4d17c59d8d059a5b39f1d1da2b58f2ec8da44861)
Change-Id: I497af39deb792e50c157a1305d8c9e722798740b
2024-03-04 04:43:35 +01:00
eldritch horrors 5ddd1a9166 Merge pull request #9168 from obsidiansystems/fix-lang-tests-read-only
Fix language tests a bit

(cherry picked from commit e92cac789fc84b116a03db04a5f7de8df48e34cd)
Change-Id: I527e94c5af0921ff2559ce5a4ac7635be791c22e
2024-03-04 04:42:21 +01:00
eldritch horrors d28a6618a8 Merge pull request #9167 from obsidiansystems/pre-overhaul-completions
Improve tests and docs prior to refactoring completions

(cherry picked from commit 5442d9b47298389918d1f38d20f768a80ffc2369)
Change-Id: Ief99ac2cd9c92981a9a522d15b9c3daf99182c9d
2024-03-04 04:38:33 +01:00
eldritch horrors e12e9f2452 Merge pull request #9137 from obsidiansystems/serve-protocol
Introduce separate Serve protocol serialisers

(cherry picked from commit d070d8b7460f412a657745698dba291c66792402)
Change-Id: Ibcc8639e8997bcd07f7a5318330a147bcadc411b
2024-03-04 04:37:05 +01:00
eldritch horrors 6897e238bd Merge pull request #9099 from obsidiansystems/common-proto
Factor out bits of the worker protocol to use elsewhere

(cherry picked from commit 4b1a97338f517f45e6169d3d8845c5caa5724e97)
Change-Id: If93afa0f8b1cf9b0e705b34fa71e6fd708752758
2024-03-04 04:36:58 +01:00
eldritch horrors fd1299cef3 Merge pull request #9106 from Ericson2314/positive-source-filtering
Use positive source filtering for the standalone functional tests job and Perl bindings

(cherry picked from commit 6b6bd9003062c86a49d4384381941cf57f269c45)
Change-Id: I896be67654f893d543ed6beb5d0d0d6c6d36e027
2024-03-04 04:36:42 +01:00
eldritch horrors 4517de00cb Merge pull request #8905 from hercules-ci/no-unknown-location
Don't print unknown locations unless requested for dev purposes

(cherry picked from commit 3dd4475826dff8052fef42d4600b61e6b91950ac)
Change-Id: I04a91277d1d9d09f5c1bf4a28fc99f0702b161e5
2024-03-04 04:36:38 +01:00
eldritch horrors c36ba796dd Merge pull request #9096 from NixOS/dont-rebuild-twice-on-ci
Don't run the tests that require building if we're not building

(cherry picked from commit 8cfa582f436db8066eff74cb084990367e014ce6)
Change-Id: I6085ca6107349669407340d7a5e52639a2febc90
2024-03-04 04:36:33 +01:00
eldritch horrors 7e966819b5 Merge pull request #9098 from obsidiansystems/test-proto
Enable most of the third `BuildResult` worker protocol test

(cherry picked from commit d344c112f772282bacacd4c66a75df4022d16e12)
Change-Id: I7b2b72aa84c19a6069f9c12128d901262db6f91c
2024-03-04 04:36:28 +01:00
eldritch horrors ea0008deea Merge pull request #9094 from obsidiansystems/test-proto
Test the rest of the worker protocol serializers

(cherry picked from commit 2f1c16dfa2378fd8616bff1b9b7cd0b4d42af69b)
Change-Id: Idfd72d32b21d14a260e02f65531d287cef7464d2
2024-03-04 04:36:23 +01:00
eldritch horrors f17e7b1855 Merge pull request #8923 from obsidiansystems/test-proto
Unit test some worker protocol serializers

(cherry picked from commit c6faef61a6f31c71146aee5d88168e861df9a22a)
Change-Id: I99e36f5f17eb7642211a4e42a16b143424f164b4
2024-03-04 04:36:14 +01:00
Eelco Dolstra bef68e53b9 Fix symlink handling
This restores the symlink handling behaviour prior to
94812cca98.

Fixes #9298.

(cherry picked from commit 31ebc6028b3682969d86a7b39ae87131c41cc604)
2024-01-21 20:53:30 +00:00
Shea Levy ba48ab4b95
Merge branch '2.18-maintenance' into ifd-buildStore-2.18 2024-01-11 07:21:16 -05:00
Shea Levy e7c2b35827
Build IFD in the build store when using eval-store.
Previously, IFDs would be built within the eval store, even though one
is typically using `--eval-store` precisely to *avoid* local builds.

Because the resulting Nix expression must be copied back to the eval
store in order to be imported, this requires the eval store to trust
the build store's signatures.

(cherry picked from commit c3942ef85ffbd83391410fbf012f1de366d2463c)
2024-01-11 06:34:27 -05:00
Shea Levy be208d8e78
remote-store test: Break out IFD expression into a separate file
(cherry picked from commit 9cb287657bec5a969d8bb1678d598d9fa820e60b)
2024-01-11 06:30:02 -05:00
John Ericson 615bd655e5 Add missing -pthread for test support libraries
This is good in general (see how the other libraries also have long had
it, since 49fe9592a4) but in particular
needed to fix the NetBSD build.

(cherry picked from commit b23273f6a29c725646b3523b1c35a0ae4a84ef61)
2023-12-05 23:44:41 +00:00