tests/fetchClosure: Improve coverage of new and some existing flows

This commit is contained in:
Robert Hensing 2023-06-19 23:22:37 +02:00
parent 40052c7613
commit 1db81f7107

View file

@ -33,8 +33,26 @@ clearStore
[ ! -e $nonCaPath ] [ ! -e $nonCaPath ]
[ -e $caPath ] [ -e $caPath ]
clearStore
# The daemon will reject input addressed paths unless configured to trust the
# cache key or the user. This behavior should be covered by another test, so we
# skip this part when using the daemon.
if [[ "$NIX_REMOTE" != "daemon" ]]; then if [[ "$NIX_REMOTE" != "daemon" ]]; then
# If we want to return a non-CA path, we have to be explicit about it.
expectStderr 1 nix eval --raw --no-require-sigs --expr "
builtins.fetchClosure {
fromStore = \"file://$cacheDir\";
fromPath = $nonCaPath;
}
" | grepQuiet -E "The .fromPath. value .* is input-addressed, but .inputAddressed. is set to .false."
# TODO: Should the closure be rejected, despite single user mode?
# [ ! -e $nonCaPath ]
[ ! -e $caPath ]
# We can use non-CA paths when we ask explicitly. # We can use non-CA paths when we ask explicitly.
[[ $(nix eval --raw --no-require-sigs --expr " [[ $(nix eval --raw --no-require-sigs --expr "
builtins.fetchClosure { builtins.fetchClosure {
@ -45,20 +63,13 @@ if [[ "$NIX_REMOTE" != "daemon" ]]; then
") = $nonCaPath ]] ") = $nonCaPath ]]
[ -e $nonCaPath ] [ -e $nonCaPath ]
[ ! -e $caPath ]
# .. but only if we ask explicitly.
expectStderr 1 nix eval --raw --no-require-sigs --expr "
builtins.fetchClosure {
fromStore = \"file://$cacheDir\";
fromPath = $nonCaPath;
}
" | grepQuiet -E "The .fromPath. value .* is input-addressed, but .inputAddressed. is set to .false."
[ -e $nonCaPath ]
fi fi
[ ! -e $caPath ]
# 'toPath' set to empty string should fail but print the expected path. # 'toPath' set to empty string should fail but print the expected path.
expectStderr 1 nix eval -v --json --expr " expectStderr 1 nix eval -v --json --expr "
builtins.fetchClosure { builtins.fetchClosure {
@ -71,6 +82,10 @@ expectStderr 1 nix eval -v --json --expr "
# If fromPath is CA, then toPath isn't needed. # If fromPath is CA, then toPath isn't needed.
nix copy --to file://$cacheDir $caPath nix copy --to file://$cacheDir $caPath
clearStore
[ ! -e $caPath ]
[[ $(nix eval -v --raw --expr " [[ $(nix eval -v --raw --expr "
builtins.fetchClosure { builtins.fetchClosure {
fromStore = \"file://$cacheDir\"; fromStore = \"file://$cacheDir\";
@ -78,6 +93,8 @@ nix copy --to file://$cacheDir $caPath
} }
") = $caPath ]] ") = $caPath ]]
[ -e $caPath ]
# Check that URL query parameters aren't allowed. # Check that URL query parameters aren't allowed.
clearStore clearStore
narCache=$TEST_ROOT/nar-cache narCache=$TEST_ROOT/nar-cache
@ -89,3 +106,45 @@ rm -rf $narCache
} }
") ")
(! [ -e $narCache ]) (! [ -e $narCache ])
# If toPath is specified but wrong, we check it (only) when the path is missing.
clearStore
badPath=$(echo $caPath | sed -e 's!/store/................................-!/store/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-!')
[ ! -e $badPath ]
expectStderr 1 nix eval -v --raw --expr "
builtins.fetchClosure {
fromStore = \"file://$cacheDir\";
fromPath = $nonCaPath;
toPath = $badPath;
}
" | grep "error: rewriting.*$nonCaPath.*yielded.*$caPath.*while.*$badPath.*was expected"
[ ! -e $badPath ]
# We only check it when missing, as a performance optimization similar to what we do for fixed output derivations. So if it's already there, we don't check it.
# It would be nice for this to fail, but checking it would be too(?) slow.
[ -e $caPath ]
[[ $(nix eval -v --raw --expr "
builtins.fetchClosure {
fromStore = \"file://$cacheDir\";
fromPath = $badPath;
toPath = $caPath;
}
") = $caPath ]]
# However, if the output address is unexpected, we can report it
expectStderr 1 nix eval -v --raw --expr "
builtins.fetchClosure {
fromStore = \"file://$cacheDir\";
fromPath = $caPath;
inputAddressed = true;
}
" | grepQuiet 'error.*The store object referred to by.*fromPath.* at .* is not input-addressed, but .*inputAddressed.* is set to .*true.*'