Introduce --json-format for nix path-info

As discussed today at great length in the Nix meeting, we don't want to break the format, but we also don't want to impede the improvement of JSON formats. The solution is to add a new flag for control the output format. Note that prior to the release, we may want to replace `--json --json-format N` with `--json=N`, but this is being left for a separate PR, as we don't yet have `=` support for CLI flags.
2025-12-09 18:41:03 +01:00 · 2025-12-03 17:07:00 -05:00 · 2025-12-03 17:07:00 -05:00 · 1ad13a1423
commit 1ad13a1423
parent 69920f9557
36 changed files with 464 additions and 132 deletions
--- a/tests/functional/binary-cache.sh
+++ b/tests/functional/binary-cache.sh
@ -18,7 +18,7 @@ outPath=$(nix-build dependencies.nix --no-out-link)

 nix copy --to "file://$cacheDir" "$outPath"

-readarray -t paths < <(nix path-info --all --json --store "file://$cacheDir" | jq 'keys|sort|.[]' -r)
+readarray -t paths < <(nix path-info --all --json --json-format 2 --store "file://$cacheDir" | jq 'keys|sort|.[]' -r)
 [[ "${#paths[@]}" -eq 3 ]]
 for path in "${paths[@]}"; do
    [[ "$path" =~ -dependencies-input-0$ ]] \
--- a/tests/functional/fixed.sh
+++ b/tests/functional/fixed.sh
@ -14,7 +14,7 @@ nix-build fixed.nix -A bad --no-out-link && fail "should fail"
 # Building with the bad hash should produce the "good" output path as
 # a side-effect.
 [[ -e $path ]]
-nix path-info --json "$path" | jq -e \
+nix path-info --json --json-format 2 "$path" | jq -e \
    '.[].ca == {
        method: "flat",
        hash: {
--- a/tests/functional/git-hashing/simple-common.sh
+++ b/tests/functional/git-hashing/simple-common.sh
@ -47,7 +47,7 @@ try2 () {
    hashFromGit=$(git -C "$repo" rev-parse "HEAD:$hashPath")
    [[ "$hashFromGit" == "$expected" ]]

-    nix path-info --json "$path" | jq -e \
+    nix path-info --json --json-format 2 "$path" | jq -e \
        --arg algo "$hashAlgo" \
        --arg hash "$hashFromGit" \
        '.[].ca == {
--- a/tests/functional/impure-derivations.sh
+++ b/tests/functional/impure-derivations.sh
@ -30,7 +30,7 @@ path1_stuff=$(echo "$json" | jq -r .[].outputs.stuff)
 [[ $(< "$path1"/n) = 0 ]]
 [[ $(< "$path1_stuff"/bla) = 0 ]]

-nix path-info --json "$path1" | jq -e '.[].ca | .method == "nar" and .hash.algorithm == "sha256"'
+nix path-info --json --json-format 2 "$path1" | jq -e '.[].ca | .method == "nar" and .hash.algorithm == "sha256"'

 path2=$(nix build -L --no-link --json --file ./impure-derivations.nix impure | jq -r .[].outputs.out)
 [[ $(< "$path2"/n) = 1 ]]
--- a/tests/functional/nix-profile.sh
+++ b/tests/functional/nix-profile.sh
@ -166,7 +166,7 @@ printf 4.0 > "$flake1Dir"/version
 printf Utrecht > "$flake1Dir"/who
 nix profile add "$flake1Dir"
 [[ $("$TEST_HOME"/.nix-profile/bin/hello) = "Hello Utrecht" ]]
-nix path-info --json "$(realpath "$TEST_HOME"/.nix-profile/bin/hello)" | jq -e '.[].ca | .method == "nar" and .hash.algorithm == "sha256"'
+nix path-info --json --json-format 2 "$(realpath "$TEST_HOME"/.nix-profile/bin/hello)" | jq -e '.[].ca | .method == "nar" and .hash.algorithm == "sha256"'

 # Override the outputs.
 nix profile remove simple flake1
--- a/tests/functional/path-info.sh
+++ b/tests/functional/path-info.sh
@ -13,7 +13,7 @@ baz=$(nix store add-file "$TEST_ROOT"/baz)
 nix-store --delete "$baz"

 diff --unified --color=always \
-    <(nix path-info --json "$foo" "$bar" "$baz" |
+    <(nix path-info --json --json-format 2 "$foo" "$bar" "$baz" |
        jq --sort-keys 'map_values(.narHash)') \
    <(jq --sort-keys <<-EOF
        {
@ -31,3 +31,9 @@ diff --unified --color=always \
        }
 EOF
    )
+
+# Test that storeDir is returned in the JSON output
+nix path-info --json --json-format 2 "$foo" | jq -e \
+    --arg foo "$foo" \
+    --arg storeDir "${NIX_STORE_DIR:-/nix/store}" \
+    '.[$foo].storeDir == $storeDir'
--- a/tests/functional/signing.sh
+++ b/tests/functional/signing.sh
@ -14,7 +14,7 @@ pk2=$(cat "$TEST_ROOT"/pk2)
 outPath=$(nix-build dependencies.nix --no-out-link --secret-key-files "$TEST_ROOT/sk1 $TEST_ROOT/sk2")

 # Verify that the path got signed.
-info=$(nix path-info --json "$outPath")
+info=$(nix path-info --json --json-format 2 "$outPath")
 echo "$info" | jq -e '.[] | .ultimate == true'
 TODO_NixOS # looks like an actual bug? Following line fails on NixOS:
 echo "$info" | jq -e '.[] | .signatures.[] | select(startswith("cache1.example.org"))'
@ -39,7 +39,7 @@ outPath2=$(nix-build simple.nix --no-out-link)
 nix store verify -r "$outPath"

 # Verify that the path did not get signed but does have the ultimate bit.
-info=$(nix path-info --json "$outPath2")
+info=$(nix path-info --json --json-format 2 "$outPath2")
 echo "$info" | jq -e '.[] | .ultimate == true'
 echo "$info" | jq -e '.[] | .signatures == []'

@ -58,7 +58,7 @@ nix store verify -r "$outPath2" --sigs-needed 1 --trusted-public-keys "$pk1"
 # Build something content-addressed.
 outPathCA=$(IMPURE_VAR1=foo IMPURE_VAR2=bar nix-build ./fixed.nix -A good.0 --no-out-link)

-nix path-info --json "$outPathCA" | jq -e '.[].ca | .method == "flat" and .hash.algorithm == "md5"'
+nix path-info --json --json-format 2 "$outPathCA" | jq -e '.[].ca | .method == "flat" and .hash.algorithm == "md5"'

 # Content-addressed paths don't need signatures, so they verify
 # regardless of --sigs-needed.
@ -73,14 +73,14 @@ nix store verify -r "$outPathCA" --sigs-needed 1000 --trusted-public-keys "$pk1"
 nix copy --to file://"$cacheDir" "$outPath2"

 # Verify that signatures got copied.
-info=$(nix path-info --store file://"$cacheDir" --json "$outPath2")
+info=$(nix path-info --store file://"$cacheDir" --json --json-format 2 "$outPath2")
 echo "$info" | jq -e '.[] | .ultimate == false'
 echo "$info" | jq -e '.[] | .signatures.[] | select(startswith("cache1.example.org"))'
 echo "$info" | expect 4 jq -e '.[] | .signatures.[] | select(startswith("cache2.example.org"))'

 # Verify that adding a signature to a path in a binary cache works.
 nix store sign --store file://"$cacheDir" --key-file "$TEST_ROOT"/sk2 "$outPath2"
-info=$(nix path-info --store file://"$cacheDir" --json "$outPath2")
+info=$(nix path-info --store file://"$cacheDir" --json --json-format 2 "$outPath2")
 echo "$info" | jq -e '.[] | .signatures.[] | select(startswith("cache1.example.org"))'
 echo "$info" | jq -e '.[] | .signatures.[] | select(startswith("cache2.example.org"))'

--- a/tests/nixos/fetchers-substitute.nix
+++ b/tests/nixos/fetchers-substitute.nix
@ -117,12 +117,12 @@
      tarball_store_path = json.loads(tarball_store_path_json)

      # Get the NAR hash of the unpacked tarball in SRI format
-      path_info_json = substituter.succeed(f"nix path-info --json {tarball_store_path}").strip()
+      path_info_json = substituter.succeed(f"nix path-info --json-format 2 --json {tarball_store_path}").strip()
      path_info_dict = json.loads(path_info_json)
      # nix path-info returns a dict with store paths as keys
      narHash_obj = path_info_dict[tarball_store_path]["narHash"]
-      # Convert from structured format {"algorithm": "sha256", "format": "base64", "hash": "..."} to SRI string
-      tarball_hash_sri = f"{narHash_obj['algorithm']}-{narHash_obj['hash']}"
+      # Convert from structured format {"algorithm": "sha256", "format": "base16", "hash": "..."} to SRI string
+      tarball_hash_sri = substituter.succeed(f"nix hash convert --to sri {narHash_obj['algorithm']}:{narHash_obj['hash']}").strip()
      print(f"Tarball NAR hash (SRI): {tarball_hash_sri}")

      # Also get the old format hash for fetchTarball (which uses sha256 parameter)