forked from lix-project/lix
nix: Add --expr flag
This replaces the '(...)' installable syntax, which is not very discoverable. The downside is that you can't have multiple expressions or mix expressions and other installables.
This commit is contained in:
parent
2c6dbcd5e7
commit
ca8caaec5e
|
@ -56,6 +56,7 @@ struct MixFlakeOptions : virtual Args
|
||||||
struct SourceExprCommand : virtual Args, EvalCommand, MixFlakeOptions
|
struct SourceExprCommand : virtual Args, EvalCommand, MixFlakeOptions
|
||||||
{
|
{
|
||||||
std::optional<Path> file;
|
std::optional<Path> file;
|
||||||
|
std::optional<std::string> expr;
|
||||||
|
|
||||||
SourceExprCommand();
|
SourceExprCommand();
|
||||||
|
|
||||||
|
@ -106,7 +107,7 @@ struct InstallableCommand : virtual Args, SourceExprCommand
|
||||||
|
|
||||||
private:
|
private:
|
||||||
|
|
||||||
std::string _installable{"."};
|
std::string _installable{""};
|
||||||
};
|
};
|
||||||
|
|
||||||
/* A command that operates on zero or more store paths. */
|
/* A command that operates on zero or more store paths. */
|
||||||
|
|
|
@ -28,7 +28,7 @@ struct CmdEval : MixJSON, InstallableCommand
|
||||||
return {
|
return {
|
||||||
Example{
|
Example{
|
||||||
"To evaluate a Nix expression given on the command line:",
|
"To evaluate a Nix expression given on the command line:",
|
||||||
"nix eval '(1 + 2)'"
|
"nix eval --expr '1 + 2'"
|
||||||
},
|
},
|
||||||
Example{
|
Example{
|
||||||
"To evaluate a Nix expression from a file or URI:",
|
"To evaluate a Nix expression from a file or URI:",
|
||||||
|
|
|
@ -51,8 +51,14 @@ SourceExprCommand::SourceExprCommand()
|
||||||
.shortName('f')
|
.shortName('f')
|
||||||
.longName("file")
|
.longName("file")
|
||||||
.label("file")
|
.label("file")
|
||||||
.description("evaluate a set of attributes from FILE (deprecated)")
|
.description("evaluate attributes from FILE")
|
||||||
.dest(&file);
|
.dest(&file);
|
||||||
|
|
||||||
|
mkFlag()
|
||||||
|
.longName("expr")
|
||||||
|
.label("expr")
|
||||||
|
.description("evaluate attributes from EXPR")
|
||||||
|
.dest(&expr);
|
||||||
}
|
}
|
||||||
|
|
||||||
Strings SourceExprCommand::getDefaultFlakeAttrPaths()
|
Strings SourceExprCommand::getDefaultFlakeAttrPaths()
|
||||||
|
@ -378,19 +384,25 @@ std::vector<std::shared_ptr<Installable>> SourceExprCommand::parseInstallables(
|
||||||
{
|
{
|
||||||
std::vector<std::shared_ptr<Installable>> result;
|
std::vector<std::shared_ptr<Installable>> result;
|
||||||
|
|
||||||
if (file) {
|
if (file || expr) {
|
||||||
|
if (file && expr)
|
||||||
|
throw UsageError("'--file' and '--expr' are exclusive");
|
||||||
|
|
||||||
// FIXME: backward compatibility hack
|
// FIXME: backward compatibility hack
|
||||||
evalSettings.pureEval = false;
|
if (file) evalSettings.pureEval = false;
|
||||||
|
|
||||||
auto state = getEvalState();
|
auto state = getEvalState();
|
||||||
auto vFile = state->allocValue();
|
auto vFile = state->allocValue();
|
||||||
state->evalFile(lookupFileArg(*state, *file), *vFile);
|
|
||||||
|
|
||||||
if (ss.empty())
|
if (file)
|
||||||
ss = {""};
|
state->evalFile(lookupFileArg(*state, *file), *vFile);
|
||||||
|
else {
|
||||||
|
auto e = state->parseExprFromString(*expr, absPath("."));
|
||||||
|
state->eval(e, *vFile);
|
||||||
|
}
|
||||||
|
|
||||||
for (auto & s : ss)
|
for (auto & s : ss)
|
||||||
result.push_back(std::make_shared<InstallableAttrPath>(*this, vFile, s));
|
result.push_back(std::make_shared<InstallableAttrPath>(*this, vFile, s == "." ? "" : s));
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
|
@ -407,10 +419,7 @@ std::vector<std::shared_ptr<Installable>> SourceExprCommand::parseInstallables(
|
||||||
size_t hash;
|
size_t hash;
|
||||||
std::optional<Path> storePath;
|
std::optional<Path> storePath;
|
||||||
|
|
||||||
if (s.compare(0, 1, "(") == 0)
|
if (hasPrefix(s, "nixpkgs.")) {
|
||||||
result.push_back(std::make_shared<InstallableExpr>(*this, s));
|
|
||||||
|
|
||||||
else if (hasPrefix(s, "nixpkgs.")) {
|
|
||||||
bool static warned;
|
bool static warned;
|
||||||
warnOnce(warned, "the syntax 'nixpkgs.<attr>' is deprecated; use 'nixpkgs:<attr>' instead");
|
warnOnce(warned, "the syntax 'nixpkgs.<attr>' is deprecated; use 'nixpkgs:<attr>' instead");
|
||||||
result.push_back(std::make_shared<InstallableFlake>(*this, FlakeRef("nixpkgs"),
|
result.push_back(std::make_shared<InstallableFlake>(*this, FlakeRef("nixpkgs"),
|
||||||
|
@ -532,7 +541,7 @@ PathSet toDerivations(ref<Store> store,
|
||||||
|
|
||||||
void InstallablesCommand::prepare()
|
void InstallablesCommand::prepare()
|
||||||
{
|
{
|
||||||
if (_installables.empty() && !file && useDefaultInstallables())
|
if (_installables.empty() && useDefaultInstallables())
|
||||||
// FIXME: commands like "nix install" should not have a
|
// FIXME: commands like "nix install" should not have a
|
||||||
// default, probably.
|
// default, probably.
|
||||||
_installables.push_back(".");
|
_installables.push_back(".");
|
||||||
|
|
|
@ -28,39 +28,39 @@ git -C $repo commit -m 'Bla2' -a
|
||||||
rev2=$(git -C $repo rev-parse HEAD)
|
rev2=$(git -C $repo rev-parse HEAD)
|
||||||
|
|
||||||
# Fetch the default branch.
|
# Fetch the default branch.
|
||||||
path=$(nix eval --impure --raw "(builtins.fetchGit file://$repo).outPath")
|
path=$(nix eval --impure --raw --expr "(builtins.fetchGit file://$repo).outPath")
|
||||||
[[ $(cat $path/hello) = world ]]
|
[[ $(cat $path/hello) = world ]]
|
||||||
|
|
||||||
# In pure eval mode, fetchGit without a revision should fail.
|
# In pure eval mode, fetchGit without a revision should fail.
|
||||||
[[ $(nix eval --impure --raw "(builtins.readFile (fetchGit file://$repo + \"/hello\"))") = world ]]
|
[[ $(nix eval --impure --raw --expr "builtins.readFile (fetchGit file://$repo + \"/hello\")") = world ]]
|
||||||
(! nix eval --raw "(builtins.readFile (fetchGit file://$repo + \"/hello\"))")
|
(! nix eval --raw --expr "builtins.readFile (fetchGit file://$repo + \"/hello\")")
|
||||||
|
|
||||||
# Fetch using an explicit revision hash.
|
# Fetch using an explicit revision hash.
|
||||||
path2=$(nix eval --raw "(builtins.fetchGit { url = file://$repo; rev = \"$rev2\"; }).outPath")
|
path2=$(nix eval --raw --expr "(builtins.fetchGit { url = file://$repo; rev = \"$rev2\"; }).outPath")
|
||||||
[[ $path = $path2 ]]
|
[[ $path = $path2 ]]
|
||||||
|
|
||||||
# In pure eval mode, fetchGit with a revision should succeed.
|
# In pure eval mode, fetchGit with a revision should succeed.
|
||||||
[[ $(nix eval --raw "(builtins.readFile (fetchGit { url = file://$repo; rev = \"$rev2\"; } + \"/hello\"))") = world ]]
|
[[ $(nix eval --raw --expr "builtins.readFile (fetchGit { url = file://$repo; rev = \"$rev2\"; } + \"/hello\")") = world ]]
|
||||||
|
|
||||||
# Fetch again. This should be cached.
|
# Fetch again. This should be cached.
|
||||||
mv $repo ${repo}-tmp
|
mv $repo ${repo}-tmp
|
||||||
path2=$(nix eval --impure --raw "(builtins.fetchGit file://$repo).outPath")
|
path2=$(nix eval --impure --raw --expr "(builtins.fetchGit file://$repo).outPath")
|
||||||
[[ $path = $path2 ]]
|
[[ $path = $path2 ]]
|
||||||
|
|
||||||
[[ $(nix eval --impure "(builtins.fetchGit file://$repo).revCount") = 2 ]]
|
[[ $(nix eval --impure --expr "(builtins.fetchGit file://$repo).revCount") = 2 ]]
|
||||||
[[ $(nix eval --impure --raw "(builtins.fetchGit file://$repo).rev") = $rev2 ]]
|
[[ $(nix eval --impure --raw --expr "(builtins.fetchGit file://$repo).rev") = $rev2 ]]
|
||||||
|
|
||||||
# Fetching with a explicit hash should succeed.
|
# Fetching with a explicit hash should succeed.
|
||||||
path2=$(nix eval --tarball-ttl 0 --raw "(builtins.fetchGit { url = file://$repo; rev = \"$rev2\"; }).outPath")
|
path2=$(nix eval --tarball-ttl 0 --raw --expr "(builtins.fetchGit { url = file://$repo; rev = \"$rev2\"; }).outPath")
|
||||||
[[ $path = $path2 ]]
|
[[ $path = $path2 ]]
|
||||||
|
|
||||||
path2=$(nix eval --tarball-ttl 0 --raw "(builtins.fetchGit { url = file://$repo; rev = \"$rev1\"; }).outPath")
|
path2=$(nix eval --tarball-ttl 0 --raw --expr "(builtins.fetchGit { url = file://$repo; rev = \"$rev1\"; }).outPath")
|
||||||
[[ $(cat $path2/hello) = utrecht ]]
|
[[ $(cat $path2/hello) = utrecht ]]
|
||||||
|
|
||||||
mv ${repo}-tmp $repo
|
mv ${repo}-tmp $repo
|
||||||
|
|
||||||
# Using a clean working tree should produce the same result.
|
# Using a clean working tree should produce the same result.
|
||||||
path2=$(nix eval --impure --raw "(builtins.fetchGit $repo).outPath")
|
path2=$(nix eval --impure --raw --expr "(builtins.fetchGit $repo).outPath")
|
||||||
[[ $path = $path2 ]]
|
[[ $path = $path2 ]]
|
||||||
|
|
||||||
# Using an unclean tree should yield the tracked but uncommitted changes.
|
# Using an unclean tree should yield the tracked but uncommitted changes.
|
||||||
|
@ -71,26 +71,26 @@ echo bar > $repo/dir2/bar
|
||||||
git -C $repo add dir1/foo
|
git -C $repo add dir1/foo
|
||||||
git -C $repo rm hello
|
git -C $repo rm hello
|
||||||
|
|
||||||
path2=$(nix eval --impure --raw "(builtins.fetchGit $repo).outPath")
|
path2=$(nix eval --impure --raw --expr "(builtins.fetchGit $repo).outPath")
|
||||||
[ ! -e $path2/hello ]
|
[ ! -e $path2/hello ]
|
||||||
[ ! -e $path2/bar ]
|
[ ! -e $path2/bar ]
|
||||||
[ ! -e $path2/dir2/bar ]
|
[ ! -e $path2/dir2/bar ]
|
||||||
[ ! -e $path2/.git ]
|
[ ! -e $path2/.git ]
|
||||||
[[ $(cat $path2/dir1/foo) = foo ]]
|
[[ $(cat $path2/dir1/foo) = foo ]]
|
||||||
|
|
||||||
[[ $(nix eval --impure --raw "(builtins.fetchGit $repo).rev") = 0000000000000000000000000000000000000000 ]]
|
[[ $(nix eval --impure --raw --expr "(builtins.fetchGit $repo).rev") = 0000000000000000000000000000000000000000 ]]
|
||||||
|
|
||||||
# ... unless we're using an explicit ref or rev.
|
# ... unless we're using an explicit ref or rev.
|
||||||
path3=$(nix eval --impure --raw "(builtins.fetchGit { url = $repo; ref = \"master\"; }).outPath")
|
path3=$(nix eval --impure --raw --expr "(builtins.fetchGit { url = $repo; ref = \"master\"; }).outPath")
|
||||||
[[ $path = $path3 ]]
|
[[ $path = $path3 ]]
|
||||||
|
|
||||||
path3=$(nix eval --raw "(builtins.fetchGit { url = $repo; rev = \"$rev2\"; }).outPath")
|
path3=$(nix eval --raw --expr "(builtins.fetchGit { url = $repo; rev = \"$rev2\"; }).outPath")
|
||||||
[[ $path = $path3 ]]
|
[[ $path = $path3 ]]
|
||||||
|
|
||||||
# Committing should not affect the store path.
|
# Committing should not affect the store path.
|
||||||
git -C $repo commit -m 'Bla3' -a
|
git -C $repo commit -m 'Bla3' -a
|
||||||
|
|
||||||
path4=$(nix eval --impure --tarball-ttl 0 --raw "(builtins.fetchGit file://$repo).outPath")
|
path4=$(nix eval --impure --tarball-ttl 0 --raw --expr "(builtins.fetchGit file://$repo).outPath")
|
||||||
[[ $path2 = $path4 ]]
|
[[ $path2 = $path4 ]]
|
||||||
|
|
||||||
# tarball-ttl should be ignored if we specify a rev
|
# tarball-ttl should be ignored if we specify a rev
|
||||||
|
@ -98,32 +98,32 @@ echo delft > $repo/hello
|
||||||
git -C $repo add hello
|
git -C $repo add hello
|
||||||
git -C $repo commit -m 'Bla4'
|
git -C $repo commit -m 'Bla4'
|
||||||
rev3=$(git -C $repo rev-parse HEAD)
|
rev3=$(git -C $repo rev-parse HEAD)
|
||||||
nix eval --tarball-ttl 3600 "(builtins.fetchGit { url = $repo; rev = \"$rev3\"; })" >/dev/null
|
nix eval --tarball-ttl 3600 --expr "builtins.fetchGit { url = $repo; rev = \"$rev3\"; }" >/dev/null
|
||||||
|
|
||||||
# Update 'path' to reflect latest master
|
# Update 'path' to reflect latest master
|
||||||
path=$(nix eval --impure --raw "(builtins.fetchGit file://$repo).outPath")
|
path=$(nix eval --impure --raw --expr "(builtins.fetchGit file://$repo).outPath")
|
||||||
|
|
||||||
# Check behavior when non-master branch is used
|
# Check behavior when non-master branch is used
|
||||||
git -C $repo checkout $rev2 -b dev
|
git -C $repo checkout $rev2 -b dev
|
||||||
echo dev > $repo/hello
|
echo dev > $repo/hello
|
||||||
|
|
||||||
# File URI uses 'master' unless specified otherwise
|
# File URI uses 'master' unless specified otherwise
|
||||||
path2=$(nix eval --impure --raw "(builtins.fetchGit file://$repo).outPath")
|
path2=$(nix eval --impure --raw --expr "(builtins.fetchGit file://$repo).outPath")
|
||||||
[[ $path = $path2 ]]
|
[[ $path = $path2 ]]
|
||||||
|
|
||||||
# Using local path with branch other than 'master' should work when clean or dirty
|
# Using local path with branch other than 'master' should work when clean or dirty
|
||||||
path3=$(nix eval --impure --raw "(builtins.fetchGit $repo).outPath")
|
path3=$(nix eval --impure --raw --expr "(builtins.fetchGit $repo).outPath")
|
||||||
# (check dirty-tree handling was used)
|
# (check dirty-tree handling was used)
|
||||||
[[ $(nix eval --impure --raw "(builtins.fetchGit $repo).rev") = 0000000000000000000000000000000000000000 ]]
|
[[ $(nix eval --impure --raw --expr "(builtins.fetchGit $repo).rev") = 0000000000000000000000000000000000000000 ]]
|
||||||
|
|
||||||
# Committing shouldn't change store path, or switch to using 'master'
|
# Committing shouldn't change store path, or switch to using 'master'
|
||||||
git -C $repo commit -m 'Bla5' -a
|
git -C $repo commit -m 'Bla5' -a
|
||||||
path4=$(nix eval --impure --raw "(builtins.fetchGit $repo).outPath")
|
path4=$(nix eval --impure --raw --expr "(builtins.fetchGit $repo).outPath")
|
||||||
[[ $(cat $path4/hello) = dev ]]
|
[[ $(cat $path4/hello) = dev ]]
|
||||||
[[ $path3 = $path4 ]]
|
[[ $path3 = $path4 ]]
|
||||||
|
|
||||||
# Confirm same as 'dev' branch
|
# Confirm same as 'dev' branch
|
||||||
path5=$(nix eval --impure --raw "(builtins.fetchGit { url = $repo; ref = \"dev\"; }).outPath")
|
path5=$(nix eval --impure --raw --expr "(builtins.fetchGit { url = $repo; ref = \"dev\"; }).outPath")
|
||||||
[[ $path3 = $path5 ]]
|
[[ $path3 = $path5 ]]
|
||||||
|
|
||||||
|
|
||||||
|
@ -133,8 +133,8 @@ rm -rf $TEST_HOME/.cache/nix/gitv2
|
||||||
# Try again, but without 'git' on PATH
|
# Try again, but without 'git' on PATH
|
||||||
NIX=$(command -v nix)
|
NIX=$(command -v nix)
|
||||||
# This should fail
|
# This should fail
|
||||||
(! PATH= $NIX eval --impure --raw "(builtins.fetchGit { url = $repo; ref = \"dev\"; }).outPath" )
|
(! PATH= $NIX eval --impure --raw --expr "(builtins.fetchGit { url = $repo; ref = \"dev\"; }).outPath" )
|
||||||
|
|
||||||
# Try again, with 'git' available. This should work.
|
# Try again, with 'git' available. This should work.
|
||||||
path5=$(nix eval --impure --raw "(builtins.fetchGit { url = $repo; ref = \"dev\"; }).outPath")
|
path5=$(nix eval --impure --raw --expr "(builtins.fetchGit { url = $repo; ref = \"dev\"; }).outPath")
|
||||||
[[ $path3 = $path5 ]]
|
[[ $path3 = $path5 ]]
|
||||||
|
|
|
@ -26,43 +26,43 @@ hg commit --cwd $repo -m 'Bla2'
|
||||||
rev2=$(hg log --cwd $repo -r tip --template '{node}')
|
rev2=$(hg log --cwd $repo -r tip --template '{node}')
|
||||||
|
|
||||||
# Fetch the default branch.
|
# Fetch the default branch.
|
||||||
path=$(nix eval --impure --raw "(builtins.fetchMercurial file://$repo).outPath")
|
path=$(nix eval --impure --raw --expr "(builtins.fetchMercurial file://$repo).outPath")
|
||||||
[[ $(cat $path/hello) = world ]]
|
[[ $(cat $path/hello) = world ]]
|
||||||
|
|
||||||
# In pure eval mode, fetchGit without a revision should fail.
|
# In pure eval mode, fetchGit without a revision should fail.
|
||||||
[[ $(nix eval --impure --raw "(builtins.readFile (fetchMercurial file://$repo + \"/hello\"))") = world ]]
|
[[ $(nix eval --impure --raw --expr "(builtins.readFile (fetchMercurial file://$repo + \"/hello\"))") = world ]]
|
||||||
(! nix eval --raw "(builtins.readFile (fetchMercurial file://$repo + \"/hello\"))")
|
(! nix eval --raw --expr "builtins.readFile (fetchMercurial file://$repo + \"/hello\")")
|
||||||
|
|
||||||
# Fetch using an explicit revision hash.
|
# Fetch using an explicit revision hash.
|
||||||
path2=$(nix eval --impure --raw "(builtins.fetchMercurial { url = file://$repo; rev = \"$rev2\"; }).outPath")
|
path2=$(nix eval --impure --raw --expr "(builtins.fetchMercurial { url = file://$repo; rev = \"$rev2\"; }).outPath")
|
||||||
[[ $path = $path2 ]]
|
[[ $path = $path2 ]]
|
||||||
|
|
||||||
# In pure eval mode, fetchGit with a revision should succeed.
|
# In pure eval mode, fetchGit with a revision should succeed.
|
||||||
[[ $(nix eval --raw "(builtins.readFile (fetchMercurial { url = file://$repo; rev = \"$rev2\"; } + \"/hello\"))") = world ]]
|
[[ $(nix eval --raw --expr "builtins.readFile (fetchMercurial { url = file://$repo; rev = \"$rev2\"; } + \"/hello\")") = world ]]
|
||||||
|
|
||||||
# Fetch again. This should be cached.
|
# Fetch again. This should be cached.
|
||||||
mv $repo ${repo}-tmp
|
mv $repo ${repo}-tmp
|
||||||
path2=$(nix eval --impure --raw "(builtins.fetchMercurial file://$repo).outPath")
|
path2=$(nix eval --impure --raw --expr "(builtins.fetchMercurial file://$repo).outPath")
|
||||||
[[ $path = $path2 ]]
|
[[ $path = $path2 ]]
|
||||||
|
|
||||||
[[ $(nix eval --impure --raw "(builtins.fetchMercurial file://$repo).branch") = default ]]
|
[[ $(nix eval --impure --raw --expr "(builtins.fetchMercurial file://$repo).branch") = default ]]
|
||||||
[[ $(nix eval --impure "(builtins.fetchMercurial file://$repo).revCount") = 1 ]]
|
[[ $(nix eval --impure --expr "(builtins.fetchMercurial file://$repo).revCount") = 1 ]]
|
||||||
[[ $(nix eval --impure --raw "(builtins.fetchMercurial file://$repo).rev") = $rev2 ]]
|
[[ $(nix eval --impure --raw --expr "(builtins.fetchMercurial file://$repo).rev") = $rev2 ]]
|
||||||
|
|
||||||
# But with TTL 0, it should fail.
|
# But with TTL 0, it should fail.
|
||||||
(! nix eval --impure --tarball-ttl 0 "(builtins.fetchMercurial file://$repo)")
|
(! nix eval --impure --tarball-ttl 0 --expr "builtins.fetchMercurial file://$repo")
|
||||||
|
|
||||||
# Fetching with a explicit hash should succeed.
|
# Fetching with a explicit hash should succeed.
|
||||||
path2=$(nix eval --tarball-ttl 0 --raw "(builtins.fetchMercurial { url = file://$repo; rev = \"$rev2\"; }).outPath")
|
path2=$(nix eval --tarball-ttl 0 --raw --expr "(builtins.fetchMercurial { url = file://$repo; rev = \"$rev2\"; }).outPath")
|
||||||
[[ $path = $path2 ]]
|
[[ $path = $path2 ]]
|
||||||
|
|
||||||
path2=$(nix eval --tarball-ttl 0 --raw "(builtins.fetchMercurial { url = file://$repo; rev = \"$rev1\"; }).outPath")
|
path2=$(nix eval --tarball-ttl 0 --raw --expr "(builtins.fetchMercurial { url = file://$repo; rev = \"$rev1\"; }).outPath")
|
||||||
[[ $(cat $path2/hello) = utrecht ]]
|
[[ $(cat $path2/hello) = utrecht ]]
|
||||||
|
|
||||||
mv ${repo}-tmp $repo
|
mv ${repo}-tmp $repo
|
||||||
|
|
||||||
# Using a clean working tree should produce the same result.
|
# Using a clean working tree should produce the same result.
|
||||||
path2=$(nix eval --impure --raw "(builtins.fetchMercurial $repo).outPath")
|
path2=$(nix eval --impure --raw --expr "(builtins.fetchMercurial $repo).outPath")
|
||||||
[[ $path = $path2 ]]
|
[[ $path = $path2 ]]
|
||||||
|
|
||||||
# Using an unclean tree should yield the tracked but uncommitted changes.
|
# Using an unclean tree should yield the tracked but uncommitted changes.
|
||||||
|
@ -73,21 +73,21 @@ echo bar > $repo/dir2/bar
|
||||||
hg add --cwd $repo dir1/foo
|
hg add --cwd $repo dir1/foo
|
||||||
hg rm --cwd $repo hello
|
hg rm --cwd $repo hello
|
||||||
|
|
||||||
path2=$(nix eval --impure --raw "(builtins.fetchMercurial $repo).outPath")
|
path2=$(nix eval --impure --raw --expr "(builtins.fetchMercurial $repo).outPath")
|
||||||
[ ! -e $path2/hello ]
|
[ ! -e $path2/hello ]
|
||||||
[ ! -e $path2/bar ]
|
[ ! -e $path2/bar ]
|
||||||
[ ! -e $path2/dir2/bar ]
|
[ ! -e $path2/dir2/bar ]
|
||||||
[ ! -e $path2/.hg ]
|
[ ! -e $path2/.hg ]
|
||||||
[[ $(cat $path2/dir1/foo) = foo ]]
|
[[ $(cat $path2/dir1/foo) = foo ]]
|
||||||
|
|
||||||
[[ $(nix eval --impure --raw "(builtins.fetchMercurial $repo).rev") = 0000000000000000000000000000000000000000 ]]
|
[[ $(nix eval --impure --raw --expr "(builtins.fetchMercurial $repo).rev") = 0000000000000000000000000000000000000000 ]]
|
||||||
|
|
||||||
# ... unless we're using an explicit rev.
|
# ... unless we're using an explicit rev.
|
||||||
path3=$(nix eval --raw "(builtins.fetchMercurial { url = $repo; rev = \"default\"; }).outPath")
|
path3=$(nix eval --raw --expr "(builtins.fetchMercurial { url = $repo; rev = \"default\"; }).outPath")
|
||||||
[[ $path = $path3 ]]
|
[[ $path = $path3 ]]
|
||||||
|
|
||||||
# Committing should not affect the store path.
|
# Committing should not affect the store path.
|
||||||
hg commit --cwd $repo -m 'Bla3'
|
hg commit --cwd $repo -m 'Bla3'
|
||||||
|
|
||||||
path4=$(nix eval --impure --tarball-ttl 0 --raw "(builtins.fetchMercurial file://$repo).outPath")
|
path4=$(nix eval --impure --tarball-ttl 0 --raw --expr "(builtins.fetchMercurial file://$repo).outPath")
|
||||||
[[ $path2 = $path4 ]]
|
[[ $path2 = $path4 ]]
|
||||||
|
|
|
@ -57,11 +57,11 @@ with import ./config.nix; mkDerivation {
|
||||||
EOF
|
EOF
|
||||||
)
|
)
|
||||||
|
|
||||||
nix build --impure -v -o $TEST_ROOT/result-A -L "($expr)" \
|
nix build --impure -v -o $TEST_ROOT/result-A -L --expr "$expr" \
|
||||||
--min-free 1000 --max-free 2000 --min-free-check-interval 1 &
|
--min-free 1000 --max-free 2000 --min-free-check-interval 1 &
|
||||||
pid=$!
|
pid=$!
|
||||||
|
|
||||||
nix build --impure -v -o $TEST_ROOT/result-B -L "($expr2)" \
|
nix build --impure -v -o $TEST_ROOT/result-B -L --expr "$expr2" \
|
||||||
--min-free 1000 --max-free 2000 --min-free-check-interval 1
|
--min-free 1000 --max-free 2000 --min-free-check-interval 1
|
||||||
|
|
||||||
wait "$pid"
|
wait "$pid"
|
||||||
|
|
|
@ -2,6 +2,6 @@ source common.sh
|
||||||
|
|
||||||
set -o pipefail
|
set -o pipefail
|
||||||
|
|
||||||
res=$(nix eval '(builtins.anotherNull)' --option setting-set true --option plugin-files $PWD/plugins/libplugintest*)
|
res=$(nix eval --expr builtins.anotherNull --option setting-set true --option plugin-files $PWD/plugins/libplugintest*)
|
||||||
|
|
||||||
[ "$res"x = "nullx" ]
|
[ "$res"x = "nullx" ]
|
||||||
|
|
|
@ -2,17 +2,17 @@ source common.sh
|
||||||
|
|
||||||
clearStore
|
clearStore
|
||||||
|
|
||||||
nix eval '(assert 1 + 2 == 3; true)'
|
nix eval --expr 'assert 1 + 2 == 3; true'
|
||||||
|
|
||||||
[[ $(nix eval --impure '(builtins.readFile ./pure-eval.sh)') =~ clearStore ]]
|
[[ $(nix eval --impure --expr 'builtins.readFile ./pure-eval.sh') =~ clearStore ]]
|
||||||
|
|
||||||
(! nix eval '(builtins.readFile ./pure-eval.sh)')
|
(! nix eval --expr 'builtins.readFile ./pure-eval.sh')
|
||||||
|
|
||||||
(! nix eval '(builtins.currentTime)')
|
(! nix eval --expr builtins.currentTime)
|
||||||
(! nix eval '(builtins.currentSystem)')
|
(! nix eval --expr builtins.currentSystem)
|
||||||
|
|
||||||
(! nix-instantiate --pure-eval ./simple.nix)
|
(! nix-instantiate --pure-eval ./simple.nix)
|
||||||
|
|
||||||
[[ $(nix eval --impure "((import (builtins.fetchurl { url = file://$(pwd)/pure-eval.nix; })).x)") == 123 ]]
|
[[ $(nix eval --impure --expr "(import (builtins.fetchurl { url = file://$(pwd)/pure-eval.nix; })).x") == 123 ]]
|
||||||
(! nix eval "((import (builtins.fetchurl { url = file://$(pwd)/pure-eval.nix; })).x)")
|
(! nix eval --expr "(import (builtins.fetchurl { url = file://$(pwd)/pure-eval.nix; })).x")
|
||||||
nix eval "((import (builtins.fetchurl { url = file://$(pwd)/pure-eval.nix; sha256 = \"$(nix hash-file pure-eval.nix --type sha256)\"; })).x)"
|
nix eval --expr "(import (builtins.fetchurl { url = file://$(pwd)/pure-eval.nix; sha256 = \"$(nix hash-file pure-eval.nix --type sha256)\"; })).x"
|
||||||
|
|
|
@ -17,18 +17,18 @@ nix-instantiate --restrict-eval --eval -E 'builtins.readDir ../src/nix-channel'
|
||||||
(! nix-instantiate --restrict-eval --eval -E 'let __nixPath = [ { prefix = "foo"; path = ./.; } ]; in <foo>')
|
(! nix-instantiate --restrict-eval --eval -E 'let __nixPath = [ { prefix = "foo"; path = ./.; } ]; in <foo>')
|
||||||
nix-instantiate --restrict-eval --eval -E 'let __nixPath = [ { prefix = "foo"; path = ./.; } ]; in <foo>' -I src=.
|
nix-instantiate --restrict-eval --eval -E 'let __nixPath = [ { prefix = "foo"; path = ./.; } ]; in <foo>' -I src=.
|
||||||
|
|
||||||
p=$(nix eval --raw "(builtins.fetchurl file://$(pwd)/restricted.sh)" --impure --restrict-eval --allowed-uris "file://$(pwd)")
|
p=$(nix eval --raw --expr "builtins.fetchurl file://$(pwd)/restricted.sh" --impure --restrict-eval --allowed-uris "file://$(pwd)")
|
||||||
cmp $p restricted.sh
|
cmp $p restricted.sh
|
||||||
|
|
||||||
(! nix eval --raw "(builtins.fetchurl file://$(pwd)/restricted.sh)" --impure --restrict-eval)
|
(! nix eval --raw --expr "builtins.fetchurl file://$(pwd)/restricted.sh" --impure --restrict-eval)
|
||||||
|
|
||||||
(! nix eval --raw "(builtins.fetchurl file://$(pwd)/restricted.sh)" --impure --restrict-eval --allowed-uris "file://$(pwd)/restricted.sh/")
|
(! nix eval --raw --expr "builtins.fetchurl file://$(pwd)/restricted.sh" --impure --restrict-eval --allowed-uris "file://$(pwd)/restricted.sh/")
|
||||||
|
|
||||||
nix eval --raw "(builtins.fetchurl file://$(pwd)/restricted.sh)" --impure --restrict-eval --allowed-uris "file://$(pwd)/restricted.sh"
|
nix eval --raw --expr "builtins.fetchurl file://$(pwd)/restricted.sh" --impure --restrict-eval --allowed-uris "file://$(pwd)/restricted.sh"
|
||||||
|
|
||||||
(! nix eval --raw "(builtins.fetchurl https://github.com/NixOS/patchelf/archive/master.tar.gz)" --impure --restrict-eval)
|
(! nix eval --raw --expr "builtins.fetchurl https://github.com/NixOS/patchelf/archive/master.tar.gz" --impure --restrict-eval)
|
||||||
(! nix eval --raw "(builtins.fetchTarball https://github.com/NixOS/patchelf/archive/master.tar.gz)" --impure --restrict-eval)
|
(! nix eval --raw --expr "builtins.fetchTarball https://github.com/NixOS/patchelf/archive/master.tar.gz" --impure --restrict-eval)
|
||||||
(! nix eval --raw "(fetchGit git://github.com/NixOS/patchelf.git)" --impure --restrict-eval)
|
(! nix eval --raw --expr "fetchGit git://github.com/NixOS/patchelf.git" --impure --restrict-eval)
|
||||||
|
|
||||||
ln -sfn $(pwd)/restricted.nix $TEST_ROOT/restricted.nix
|
ln -sfn $(pwd)/restricted.nix $TEST_ROOT/restricted.nix
|
||||||
[[ $(nix-instantiate --eval $TEST_ROOT/restricted.nix) == 3 ]]
|
[[ $(nix-instantiate --eval $TEST_ROOT/restricted.nix) == 3 ]]
|
||||||
|
@ -37,7 +37,7 @@ ln -sfn $(pwd)/restricted.nix $TEST_ROOT/restricted.nix
|
||||||
(! nix-instantiate --eval --restrict-eval $TEST_ROOT/restricted.nix -I .)
|
(! nix-instantiate --eval --restrict-eval $TEST_ROOT/restricted.nix -I .)
|
||||||
nix-instantiate --eval --restrict-eval $TEST_ROOT/restricted.nix -I $TEST_ROOT -I .
|
nix-instantiate --eval --restrict-eval $TEST_ROOT/restricted.nix -I $TEST_ROOT -I .
|
||||||
|
|
||||||
[[ $(nix eval --raw --impure --restrict-eval -I . '(builtins.readFile "${import ./simple.nix}/hello")') == 'Hello World!' ]]
|
[[ $(nix eval --raw --impure --restrict-eval -I . --expr 'builtins.readFile "${import ./simple.nix}/hello"') == 'Hello World!' ]]
|
||||||
|
|
||||||
# Check whether we can leak symlink information through directory traversal.
|
# Check whether we can leak symlink information through directory traversal.
|
||||||
traverseDir="$(pwd)/restricted-traverse-me"
|
traverseDir="$(pwd)/restricted-traverse-me"
|
||||||
|
@ -45,7 +45,7 @@ ln -sfn "$(pwd)/restricted-secret" "$(pwd)/restricted-innocent"
|
||||||
mkdir -p "$traverseDir"
|
mkdir -p "$traverseDir"
|
||||||
goUp="..$(echo "$traverseDir" | sed -e 's,[^/]\+,..,g')"
|
goUp="..$(echo "$traverseDir" | sed -e 's,[^/]\+,..,g')"
|
||||||
output="$(nix eval --raw --restrict-eval -I "$traverseDir" \
|
output="$(nix eval --raw --restrict-eval -I "$traverseDir" \
|
||||||
"(builtins.readFile \"$traverseDir/$goUp$(pwd)/restricted-innocent\")" \
|
--expr "builtins.readFile \"$traverseDir/$goUp$(pwd)/restricted-innocent\"" \
|
||||||
2>&1 || :)"
|
2>&1 || :)"
|
||||||
echo "$output" | grep "is forbidden"
|
echo "$output" | grep "is forbidden"
|
||||||
! echo "$output" | grep -F restricted-secret
|
! echo "$output" | grep -F restricted-secret
|
||||||
|
|
Loading…
Reference in a new issue