Pierre Bourdon
f7b6552699
-- message fromcl/1418
-- The boehmgc changes are bundled into this commit because doing otherwise would require an annoying dance of "adding compatibility for < 8.2.6 and >= 8.2.6" then updating the pin then removing the (now unneeded) compatibility. It doesn't seem worth the trouble to me given the low complexity of said changes. Rebased coroutine-sp-fallback.diff patch taken from https://github.com/NixOS/nixpkgs/pull/317227 -- jade resubmit changes -- This is a resubmission of https://gerrit.lix.systems/c/lix/+/1418, which was reverted in https://gerrit.lix.systems/c/lix/+/1432 for breaking CI evaluation without being detected. I have run `nix flake check -Lv` on this one before submission and it passes on my machine and crucially without eval errors, so the CI result should be accurate. It seems like someone renamed forbiddenDependenciesRegex to forbiddenDependenciesRegexes in nixpkgs and also changed the type incompatibly. That's pretty silly, but at least it's just an eval error. Also, `xonsh` regressed the availability of `xonsh-unwrapped`, but it was fixed by us in https://github.com/NixOS/nixpkgs/pull/317636, which is now in our channel, so we update nixpkgs compared to the original iteration of this to simply get that. We originally had a regression related to some reorganization of the nixpkgs lib test suite in which there was broken parameter passing. This, too, we got quickfixed in nixpkgs, so we don't need any changes for it: https://github.com/NixOS/nixpkgs/pull/317772 Related: https://gerrit.lix.systems/c/lix/+/1428 Fixes: #385 Change-Id:I26d41ea826fec900ebcad0f82a727feb6bcd28f3
158 lines
5.2 KiB
Nix
158 lines
5.2 KiB
Nix
{ lib, nixpkgs, nixpkgsFor }:
|
|
|
|
let
|
|
|
|
nixos-lib = import (nixpkgs + "/nixos/lib") { };
|
|
|
|
# https://nixos.org/manual/nixos/unstable/index.html#sec-calling-nixos-tests
|
|
runNixOSTestFor = system: test:
|
|
(nixos-lib.runTest {
|
|
imports = [ test ];
|
|
hostPkgs = nixpkgsFor.${system}.native;
|
|
defaults = {
|
|
nixpkgs.pkgs = nixpkgsFor.${system}.native;
|
|
nix.checkAllErrors = false;
|
|
};
|
|
_module.args.nixpkgs = nixpkgs;
|
|
_module.args.system = system;
|
|
})
|
|
// {
|
|
# allow running tests against older nix versions via `nix eval --apply`
|
|
# Example:
|
|
# nix build "$(nix eval --raw --impure .#hydraJobs.tests.fetch-git --apply 't: (t.forNix "2.19.2").drvPath')^*"
|
|
forNix = nixVersion: runNixOSTestFor system {
|
|
imports = [test];
|
|
defaults.nixpkgs.overlays = [(curr: prev: {
|
|
nix = (builtins.getFlake "nix/${nixVersion}").packages.${system}.nix;
|
|
})];
|
|
};
|
|
};
|
|
|
|
# Checks that a NixOS configuration does not contain any references to our
|
|
# locally defined Nix version.
|
|
checkOverrideNixVersion = { pkgs, lib, ... }: {
|
|
# pkgs.nix: The new Nix in this repo
|
|
# We disallow it, to make sure we don't accidentally use it.
|
|
system.forbiddenDependenciesRegexes = [ (lib.strings.escapeRegex "nix-${pkgs.nix.version}") ];
|
|
};
|
|
in
|
|
|
|
{
|
|
authorization = runNixOSTestFor "x86_64-linux" ./authorization.nix;
|
|
|
|
remoteBuilds = runNixOSTestFor "x86_64-linux" ./remote-builds.nix;
|
|
|
|
# Test our Nix as a client against remotes that are older
|
|
|
|
remoteBuilds_remote_2_3 = runNixOSTestFor "x86_64-linux" {
|
|
name = "remoteBuilds_remote_2_3";
|
|
imports = [ ./remote-builds.nix ];
|
|
builders.config = { lib, pkgs, ... }: {
|
|
imports = [ checkOverrideNixVersion ];
|
|
nix.package = lib.mkForce pkgs.nixVersions.nix_2_3;
|
|
};
|
|
};
|
|
|
|
remoteBuilds_remote_2_18 = runNixOSTestFor "x86_64-linux" ({ lib, pkgs, ... }: {
|
|
name = "remoteBuilds_remote_2_18";
|
|
imports = [ ./remote-builds.nix ];
|
|
builders.config = { lib, pkgs, ... }: {
|
|
imports = [ checkOverrideNixVersion ];
|
|
nix.package = lib.mkForce pkgs.nixVersions.nix_2_18;
|
|
};
|
|
});
|
|
|
|
# Test our Nix as a builder for clients that are older
|
|
|
|
remoteBuilds_local_2_3 = runNixOSTestFor "x86_64-linux" ({ lib, pkgs, ... }: {
|
|
name = "remoteBuilds_local_2_3";
|
|
imports = [ ./remote-builds.nix ];
|
|
nodes.client = { lib, pkgs, ... }: {
|
|
imports = [ checkOverrideNixVersion ];
|
|
nix.package = lib.mkForce pkgs.nixVersions.nix_2_3;
|
|
};
|
|
});
|
|
|
|
remoteBuilds_local_2_18 = runNixOSTestFor "x86_64-linux" ({ lib, pkgs, ... }: {
|
|
name = "remoteBuilds_local_2_18";
|
|
imports = [ ./remote-builds.nix ];
|
|
nodes.client = { lib, pkgs, ... }: {
|
|
imports = [ checkOverrideNixVersion ];
|
|
nix.package = lib.mkForce pkgs.nixVersions.nix_2_18;
|
|
};
|
|
});
|
|
|
|
# End remoteBuilds tests
|
|
|
|
remoteBuildsSshNg = runNixOSTestFor "x86_64-linux" ./remote-builds-ssh-ng.nix;
|
|
|
|
# Test our Nix as a client against remotes that are older
|
|
|
|
remoteBuildsSshNg_remote_2_3 = runNixOSTestFor "x86_64-linux" {
|
|
name = "remoteBuildsSshNg_remote_2_3";
|
|
imports = [ ./remote-builds-ssh-ng.nix ];
|
|
builders.config = { lib, pkgs, ... }: {
|
|
imports = [ checkOverrideNixVersion ];
|
|
nix.package = lib.mkForce pkgs.nixVersions.nix_2_3;
|
|
};
|
|
};
|
|
|
|
remoteBuildsSshNg_remote_2_18 = runNixOSTestFor "x86_64-linux" {
|
|
name = "remoteBuildsSshNg_remote_2_18";
|
|
imports = [ ./remote-builds-ssh-ng.nix ];
|
|
builders.config = { lib, pkgs, ... }: {
|
|
imports = [ checkOverrideNixVersion ];
|
|
nix.package = lib.mkForce pkgs.nixVersions.nix_2_18;
|
|
};
|
|
};
|
|
|
|
# Test our Nix as a builder for clients that are older
|
|
|
|
# FIXME: these tests don't work yet
|
|
/*
|
|
remoteBuildsSshNg_local_2_3 = runNixOSTestFor "x86_64-linux" ({ lib, pkgs, ... }: {
|
|
name = "remoteBuildsSshNg_local_2_3";
|
|
imports = [ ./remote-builds-ssh-ng.nix ];
|
|
nodes.client = { lib, pkgs, ... }: {
|
|
imports = [ checkOverrideNixVersion ];
|
|
nix.package = lib.mkForce pkgs.nixVersions.nix_2_3;
|
|
};
|
|
});
|
|
|
|
# TODO: (nixpkgs update) remoteBuildsSshNg_local_2_18 = ...
|
|
*/
|
|
|
|
nix-copy-closure = runNixOSTestFor "x86_64-linux" ./nix-copy-closure.nix;
|
|
|
|
nix-copy = runNixOSTestFor "x86_64-linux" ./nix-copy.nix;
|
|
|
|
nix-upgrade-nix = runNixOSTestFor "x86_64-linux" ./nix-upgrade-nix.nix;
|
|
|
|
nssPreload = runNixOSTestFor "x86_64-linux" ./nss-preload.nix;
|
|
|
|
githubFlakes = runNixOSTestFor "x86_64-linux" ./github-flakes.nix;
|
|
|
|
sourcehutFlakes = runNixOSTestFor "x86_64-linux" ./sourcehut-flakes.nix;
|
|
|
|
tarballFlakes = runNixOSTestFor "x86_64-linux" ./tarball-flakes.nix;
|
|
|
|
containers = runNixOSTestFor "x86_64-linux" ./containers/containers.nix;
|
|
|
|
setuid = lib.genAttrs
|
|
["i686-linux" "x86_64-linux"]
|
|
(system: runNixOSTestFor system ./setuid/setuid.nix);
|
|
|
|
ca-fd-leak = runNixOSTestFor "x86_64-linux" ./ca-fd-leak;
|
|
|
|
fetch-git = runNixOSTestFor "x86_64-linux" ./fetch-git;
|
|
|
|
symlinkResolvconf = runNixOSTestFor "x86_64-linux" ./symlink-resolvconf.nix;
|
|
|
|
noNewPrivilegesInSandbox = runNixOSTestFor "x86_64-linux" ./no-new-privileges/sandbox.nix;
|
|
|
|
noNewPrivilegesOutsideSandbox = runNixOSTestFor "x86_64-linux" ./no-new-privileges/no-sandbox.nix;
|
|
|
|
broken-userns = runNixOSTestFor "x86_64-linux" ./broken-userns.nix;
|
|
|
|
coredumps = runNixOSTestFor "x86_64-linux" ./coredumps;
|
|
}
|