diff --git a/ci/gha/tests/default.nix b/ci/gha/tests/default.nix index 5dbb3f407..74d0b8c7e 100644 --- a/ci/gha/tests/default.nix +++ b/ci/gha/tests/default.nix @@ -55,13 +55,11 @@ let }; # Done in a pre-configure hook, because $NIX_BUILD_TOP needs to be substituted. - preConfigure = - prevAttrs.preConfigure or "" - + '' - mappingFlag=" -fcoverage-prefix-map=$NIX_BUILD_TOP/${finalAttrs.src.name}=${finalAttrs.src}" - CFLAGS+="$mappingFlag" - CXXFLAGS+="$mappingFlag" - ''; + preConfigure = prevAttrs.preConfigure or "" + '' + mappingFlag=" -fcoverage-prefix-map=$NIX_BUILD_TOP/${finalAttrs.src.name}=${finalAttrs.src}" + CFLAGS+="$mappingFlag" + CXXFLAGS+="$mappingFlag" + ''; }; componentOverrides = diff --git a/doc/manual/package.nix b/doc/manual/package.nix index af6d46a2a..69b7c0e49 100644 --- a/doc/manual/package.nix +++ b/doc/manual/package.nix @@ -46,24 +46,23 @@ mkMesonDerivation (finalAttrs: { ]; # Hack for sake of the dev shell - passthru.externalNativeBuildInputs = - [ - meson - ninja - (lib.getBin lowdown-unsandboxed) - mdbook - mdbook-linkcheck - jq - python3 - rsync - changelog-d - ] - ++ lib.optionals (!officialRelease) [ - # When not an official release, we likely have changelog entries that have - # yet to be rendered. - # When released, these are rendered into a committed file to save a dependency. - changelog-d - ]; + passthru.externalNativeBuildInputs = [ + meson + ninja + (lib.getBin lowdown-unsandboxed) + mdbook + mdbook-linkcheck + jq + python3 + rsync + changelog-d + ] + ++ lib.optionals (!officialRelease) [ + # When not an official release, we likely have changelog entries that have + # yet to be rendered. + # When released, these are rendered into a committed file to save a dependency. + changelog-d + ]; nativeBuildInputs = finalAttrs.passthru.externalNativeBuildInputs ++ [ nix-cli diff --git a/docker.nix b/docker.nix index ed62c3a4e..619e75c54 100644 --- a/docker.nix +++ b/docker.nix @@ -65,62 +65,61 @@ let iana-etc gitMinimal openssh - ] ++ extraPkgs; + ] + ++ extraPkgs; - users = - { + users = { - root = { - uid = 0; - shell = lib.getExe bashInteractive; - home = "/root"; - gid = 0; - groups = [ "root" ]; - description = "System administrator"; - }; - - nobody = { - uid = 65534; - shell = lib.getExe' shadow "nologin"; - home = "/var/empty"; - gid = 65534; - groups = [ "nobody" ]; - description = "Unprivileged account (don't use!)"; - }; - - } - // lib.optionalAttrs (uid != 0) { - "${uname}" = { - uid = uid; - shell = lib.getExe bashInteractive; - home = "/home/${uname}"; - gid = gid; - groups = [ "${gname}" ]; - description = "Nix user"; - }; - } - // lib.listToAttrs ( - map (n: { - name = "nixbld${toString n}"; - value = { - uid = 30000 + n; - gid = 30000; - groups = [ "nixbld" ]; - description = "Nix build user ${toString n}"; - }; - }) (lib.lists.range 1 32) - ); - - groups = - { - root.gid = 0; - nixbld.gid = 30000; - nobody.gid = 65534; - } - // lib.optionalAttrs (gid != 0) { - "${gname}".gid = gid; + root = { + uid = 0; + shell = lib.getExe bashInteractive; + home = "/root"; + gid = 0; + groups = [ "root" ]; + description = "System administrator"; }; + nobody = { + uid = 65534; + shell = lib.getExe' shadow "nologin"; + home = "/var/empty"; + gid = 65534; + groups = [ "nobody" ]; + description = "Unprivileged account (don't use!)"; + }; + + } + // lib.optionalAttrs (uid != 0) { + "${uname}" = { + uid = uid; + shell = lib.getExe bashInteractive; + home = "/home/${uname}"; + gid = gid; + groups = [ "${gname}" ]; + description = "Nix user"; + }; + } + // lib.listToAttrs ( + map (n: { + name = "nixbld${toString n}"; + value = { + uid = 30000 + n; + gid = 30000; + groups = [ "nixbld" ]; + description = "Nix build user ${toString n}"; + }; + }) (lib.lists.range 1 32) + ); + + groups = { + root.gid = 0; + nixbld.gid = 30000; + nobody.gid = 65534; + } + // lib.optionalAttrs (gid != 0) { + "${gname}".gid = gid; + }; + userToPasswd = ( k: { diff --git a/packaging/components.nix b/packaging/components.nix index 661857833..b5fad4043 100644 --- a/packaging/components.nix +++ b/packaging/components.nix @@ -54,12 +54,12 @@ let preConfigure = prevAttrs.preConfigure or "" + - # Update the repo-global .version file. - # Symlink ./.version points there, but by default only workDir is writable. - '' - chmod u+w ./.version - echo ${finalAttrs.version} > ./.version - ''; + # Update the repo-global .version file. + # Symlink ./.version points there, but by default only workDir is writable. + '' + chmod u+w ./.version + echo ${finalAttrs.version} > ./.version + ''; }; localSourceLayer = @@ -148,7 +148,8 @@ let nativeBuildInputs = [ meson ninja - ] ++ prevAttrs.nativeBuildInputs or [ ]; + ] + ++ prevAttrs.nativeBuildInputs or [ ]; mesonCheckFlags = prevAttrs.mesonCheckFlags or [ ] ++ [ "--print-errorlogs" ]; diff --git a/packaging/dev-shell.nix b/packaging/dev-shell.nix index 27d819ec4..949f79752 100644 --- a/packaging/dev-shell.nix +++ b/packaging/dev-shell.nix @@ -71,17 +71,16 @@ pkgs.nixComponents2.nix-util.overrideAttrs ( # We use this shell with the local checkout, not unpackPhase. src = null; - env = - { - # For `make format`, to work without installing pre-commit - _NIX_PRE_COMMIT_HOOKS_CONFIG = "${(pkgs.formats.yaml { }).generate "pre-commit-config.yaml" - modular.pre-commit.settings.rawConfig - }"; - } - // lib.optionalAttrs stdenv.hostPlatform.isLinux { - CC_LD = "mold"; - CXX_LD = "mold"; - }; + env = { + # For `make format`, to work without installing pre-commit + _NIX_PRE_COMMIT_HOOKS_CONFIG = "${(pkgs.formats.yaml { }).generate "pre-commit-config.yaml" + modular.pre-commit.settings.rawConfig + }"; + } + // lib.optionalAttrs stdenv.hostPlatform.isLinux { + CC_LD = "mold"; + CXX_LD = "mold"; + }; mesonFlags = map (transformFlag "libutil") (ignoreCrossFile pkgs.nixComponents2.nix-util.mesonFlags) @@ -126,17 +125,18 @@ pkgs.nixComponents2.nix-util.overrideAttrs ( ) ++ lib.optional stdenv.hostPlatform.isLinux pkgs.buildPackages.mold-wrapped; - buildInputs = - [ pkgs.gbenchmark ] - ++ attrs.buildInputs or [ ] - ++ pkgs.nixComponents2.nix-util.buildInputs - ++ pkgs.nixComponents2.nix-store.buildInputs - ++ pkgs.nixComponents2.nix-store-tests.externalBuildInputs - ++ pkgs.nixComponents2.nix-fetchers.buildInputs - ++ pkgs.nixComponents2.nix-expr.buildInputs - ++ pkgs.nixComponents2.nix-expr.externalPropagatedBuildInputs - ++ pkgs.nixComponents2.nix-cmd.buildInputs - ++ lib.optionals havePerl pkgs.nixComponents2.nix-perl-bindings.externalBuildInputs - ++ lib.optional havePerl pkgs.perl; + buildInputs = [ + pkgs.gbenchmark + ] + ++ attrs.buildInputs or [ ] + ++ pkgs.nixComponents2.nix-util.buildInputs + ++ pkgs.nixComponents2.nix-store.buildInputs + ++ pkgs.nixComponents2.nix-store-tests.externalBuildInputs + ++ pkgs.nixComponents2.nix-fetchers.buildInputs + ++ pkgs.nixComponents2.nix-expr.buildInputs + ++ pkgs.nixComponents2.nix-expr.externalPropagatedBuildInputs + ++ pkgs.nixComponents2.nix-cmd.buildInputs + ++ lib.optionals havePerl pkgs.nixComponents2.nix-perl-bindings.externalBuildInputs + ++ lib.optional havePerl pkgs.perl; } ) diff --git a/packaging/everything.nix b/packaging/everything.nix index 5bf57f95a..f6bdad490 100644 --- a/packaging/everything.nix +++ b/packaging/everything.nix @@ -47,25 +47,25 @@ }: let - libs = - { - inherit - nix-util - nix-util-c - nix-store - nix-store-c - nix-fetchers - nix-fetchers-c - nix-expr - nix-expr-c - nix-flake - nix-flake-c - nix-main - nix-main-c - nix-cmd - ; - } - // lib.optionalAttrs + libs = { + inherit + nix-util + nix-util-c + nix-store + nix-store-c + nix-fetchers + nix-fetchers-c + nix-expr + nix-expr-c + nix-flake + nix-flake-c + nix-main + nix-main-c + nix-cmd + ; + } + // + lib.optionalAttrs (!stdenv.hostPlatform.isStatic && stdenv.buildPlatform.canExecute stdenv.hostPlatform) { # Currently fails in static build @@ -127,20 +127,19 @@ stdenv.mkDerivation (finalAttrs: { */ dontFixup = true; - checkInputs = - [ - # Make sure the unit tests have passed - nix-util-tests.tests.run - nix-store-tests.tests.run - nix-expr-tests.tests.run - nix-fetchers-tests.tests.run - nix-flake-tests.tests.run + checkInputs = [ + # Make sure the unit tests have passed + nix-util-tests.tests.run + nix-store-tests.tests.run + nix-expr-tests.tests.run + nix-fetchers-tests.tests.run + nix-flake-tests.tests.run - # Make sure the functional tests have passed - nix-functional-tests - ] - ++ lib.optionals - (!stdenv.hostPlatform.isStatic && stdenv.buildPlatform.canExecute stdenv.hostPlatform) + # Make sure the functional tests have passed + nix-functional-tests + ] + ++ + lib.optionals (!stdenv.hostPlatform.isStatic && stdenv.buildPlatform.canExecute stdenv.hostPlatform) [ # Perl currently fails in static build # TODO: Split out tests into a separate derivation? diff --git a/src/libcmd/package.nix b/src/libcmd/package.nix index be5054f64..c382f0e57 100644 --- a/src/libcmd/package.nix +++ b/src/libcmd/package.nix @@ -53,7 +53,8 @@ mkMesonLibrary (finalAttrs: { buildInputs = [ ({ inherit editline readline; }.${readlineFlavor}) - ] ++ lib.optional enableMarkdown lowdown; + ] + ++ lib.optional enableMarkdown lowdown; propagatedBuildInputs = [ nix-util diff --git a/src/libexpr/package.nix b/src/libexpr/package.nix index 50161c58b..a67a8cc49 100644 --- a/src/libexpr/package.nix +++ b/src/libexpr/package.nix @@ -70,13 +70,15 @@ mkMesonLibrary (finalAttrs: { nix-util nix-store nix-fetchers - ] ++ finalAttrs.passthru.externalPropagatedBuildInputs; + ] + ++ finalAttrs.passthru.externalPropagatedBuildInputs; # Hack for sake of the dev shell passthru.externalPropagatedBuildInputs = [ boost nlohmann_json - ] ++ lib.optional enableGC boehmgc; + ] + ++ lib.optional enableGC boehmgc; mesonFlags = [ (lib.mesonEnable "gc" enableGC) diff --git a/src/libstore-tests/package.nix b/src/libstore-tests/package.nix index 00d40365e..90e6af519 100644 --- a/src/libstore-tests/package.nix +++ b/src/libstore-tests/package.nix @@ -43,15 +43,14 @@ mkMesonExecutable (finalAttrs: { ]; # Hack for sake of the dev shell - passthru.externalBuildInputs = - [ - sqlite - rapidcheck - gtest - ] - ++ lib.optionals withBenchmarks [ - gbenchmark - ]; + passthru.externalBuildInputs = [ + sqlite + rapidcheck + gtest + ] + ++ lib.optionals withBenchmarks [ + gbenchmark + ]; buildInputs = finalAttrs.passthru.externalBuildInputs ++ [ nix-store diff --git a/src/libstore/package.nix b/src/libstore/package.nix index 775776139..47805547b 100644 --- a/src/libstore/package.nix +++ b/src/libstore/package.nix @@ -58,30 +58,28 @@ mkMesonLibrary (finalAttrs: { nativeBuildInputs = lib.optional embeddedSandboxShell unixtools.hexdump; - buildInputs = - [ - boost - curl - sqlite - ] - ++ lib.optional stdenv.hostPlatform.isLinux libseccomp - # There have been issues building these dependencies - ++ lib.optional stdenv.hostPlatform.isDarwin darwin.apple_sdk.libs.sandbox - ++ lib.optional withAWS aws-sdk-cpp; + buildInputs = [ + boost + curl + sqlite + ] + ++ lib.optional stdenv.hostPlatform.isLinux libseccomp + # There have been issues building these dependencies + ++ lib.optional stdenv.hostPlatform.isDarwin darwin.apple_sdk.libs.sandbox + ++ lib.optional withAWS aws-sdk-cpp; propagatedBuildInputs = [ nix-util nlohmann_json ]; - mesonFlags = - [ - (lib.mesonEnable "seccomp-sandboxing" stdenv.hostPlatform.isLinux) - (lib.mesonBool "embedded-sandbox-shell" embeddedSandboxShell) - ] - ++ lib.optionals stdenv.hostPlatform.isLinux [ - (lib.mesonOption "sandbox-shell" "${busybox-sandbox-shell}/bin/busybox") - ]; + mesonFlags = [ + (lib.mesonEnable "seccomp-sandboxing" stdenv.hostPlatform.isLinux) + (lib.mesonBool "embedded-sandbox-shell" embeddedSandboxShell) + ] + ++ lib.optionals stdenv.hostPlatform.isLinux [ + (lib.mesonOption "sandbox-shell" "${busybox-sandbox-shell}/bin/busybox") + ]; meta = { platforms = lib.platforms.unix ++ lib.platforms.windows; diff --git a/src/libutil/package.nix b/src/libutil/package.nix index 46f56e07e..3deb7ba3a 100644 --- a/src/libutil/package.nix +++ b/src/libutil/package.nix @@ -52,7 +52,8 @@ mkMesonLibrary (finalAttrs: { libblake3 libsodium openssl - ] ++ lib.optional stdenv.hostPlatform.isx86_64 libcpuid; + ] + ++ lib.optional stdenv.hostPlatform.isx86_64 libcpuid; propagatedBuildInputs = [ boost diff --git a/src/perl/package.nix b/src/perl/package.nix index 5841570cd..10d84de77 100644 --- a/src/perl/package.nix +++ b/src/perl/package.nix @@ -45,7 +45,8 @@ perl.pkgs.toPerlModule ( buildInputs = [ nix-store - ] ++ finalAttrs.passthru.externalBuildInputs; + ] + ++ finalAttrs.passthru.externalBuildInputs; # Hack for sake of the dev shell passthru.externalBuildInputs = [ diff --git a/tests/functional/lang/eval-okay-attrnames.nix b/tests/functional/lang/eval-okay-attrnames.nix index 085e78084..7cdb41538 100644 --- a/tests/functional/lang/eval-okay-attrnames.nix +++ b/tests/functional/lang/eval-okay-attrnames.nix @@ -2,16 +2,15 @@ with import ./lib.nix; let - attrs = - { - y = "y"; - x = "x"; - foo = "foo"; - } - // rec { - x = "newx"; - bar = x; - }; + attrs = { + y = "y"; + x = "x"; + foo = "foo"; + } + // rec { + x = "newx"; + bar = x; + }; names = builtins.attrNames attrs; diff --git a/tests/functional/lang/eval-okay-attrs.nix b/tests/functional/lang/eval-okay-attrs.nix index 787b9a933..0350e6e72 100644 --- a/tests/functional/lang/eval-okay-attrs.nix +++ b/tests/functional/lang/eval-okay-attrs.nix @@ -1,15 +1,14 @@ let { - as = - { - x = 123; - y = 456; - } - // { - z = 789; - } - // { - z = 987; - }; + as = { + x = 123; + y = 456; + } + // { + z = 789; + } + // { + z = 987; + }; body = if as ? a then diff --git a/tests/functional/lang/eval-okay-attrs2.nix b/tests/functional/lang/eval-okay-attrs2.nix index 0896f9cf1..234ed1be7 100644 --- a/tests/functional/lang/eval-okay-attrs2.nix +++ b/tests/functional/lang/eval-okay-attrs2.nix @@ -1,15 +1,14 @@ let { - as = - { - x = 123; - y = 456; - } - // { - z = 789; - } - // { - z = 987; - }; + as = { + x = 123; + y = 456; + } + // { + z = 789; + } + // { + z = 987; + }; A = "a"; Z = "z"; diff --git a/tests/functional/lang/eval-okay-import.nix b/tests/functional/lang/eval-okay-import.nix index 484dccac0..9558b7ffc 100644 --- a/tests/functional/lang/eval-okay-import.nix +++ b/tests/functional/lang/eval-okay-import.nix @@ -6,7 +6,8 @@ let scopedImport = attrs: fn: scopedImport (overrides // attrs) fn; builtins = builtins // overrides; - } // import ./lib.nix; + } + // import ./lib.nix; in scopedImport overrides ./imported.nix diff --git a/tests/functional/nested-sandboxing/runner.nix b/tests/functional/nested-sandboxing/runner.nix index d0d441a82..cc193844d 100644 --- a/tests/functional/nested-sandboxing/runner.nix +++ b/tests/functional/nested-sandboxing/runner.nix @@ -6,32 +6,31 @@ mkDerivation { name = "nested-sandboxing"; busybox = builtins.getEnv "busybox"; EXTRA_SANDBOX = builtins.getEnv "EXTRA_SANDBOX"; - buildCommand = - '' - set -x - set -eu -o pipefail - '' - + ( - if altitude == 0 then - '' - echo Deep enough! > $out - '' - else - '' - cp -r ${../common} ./common - cp ${../common.sh} ./common.sh - cp ${../config.nix} ./config.nix - cp -r ${./.} ./nested-sandboxing + buildCommand = '' + set -x + set -eu -o pipefail + '' + + ( + if altitude == 0 then + '' + echo Deep enough! > $out + '' + else + '' + cp -r ${../common} ./common + cp ${../common.sh} ./common.sh + cp ${../config.nix} ./config.nix + cp -r ${./.} ./nested-sandboxing - export PATH=${builtins.getEnv "NIX_BIN_DIR"}:$PATH + export PATH=${builtins.getEnv "NIX_BIN_DIR"}:$PATH - export _NIX_TEST_SOURCE_DIR=$PWD - export _NIX_TEST_BUILD_DIR=$PWD + export _NIX_TEST_SOURCE_DIR=$PWD + export _NIX_TEST_BUILD_DIR=$PWD - source common.sh - source ./nested-sandboxing/command.sh + source common.sh + source ./nested-sandboxing/command.sh - runNixBuild ${storeFun} ${toString altitude} >> $out - '' - ); + runNixBuild ${storeFun} ${toString altitude} >> $out + '' + ); } diff --git a/tests/functional/package.nix b/tests/functional/package.nix index 716e21fe4..1f1d10ea8 100644 --- a/tests/functional/package.nix +++ b/tests/functional/package.nix @@ -47,26 +47,25 @@ mkMesonDerivation ( ]; # Hack for sake of the dev shell - passthru.externalNativeBuildInputs = - [ - meson - ninja - pkg-config + passthru.externalNativeBuildInputs = [ + meson + ninja + pkg-config - jq - git - mercurial - unixtools.script - ] - ++ lib.optionals stdenv.hostPlatform.isLinux [ - # For various sandboxing tests that needs a statically-linked shell, - # etc. - busybox-sandbox-shell - # For Overlay FS tests need `mount`, `umount`, and `unshare`. - # For `script` command (ensuring a TTY) - # TODO use `unixtools` to be precise over which executables instead? - util-linux - ]; + jq + git + mercurial + unixtools.script + ] + ++ lib.optionals stdenv.hostPlatform.isLinux [ + # For various sandboxing tests that needs a statically-linked shell, + # etc. + busybox-sandbox-shell + # For Overlay FS tests need `mount`, `umount`, and `unshare`. + # For `script` command (ensuring a TTY) + # TODO use `unixtools` to be precise over which executables instead? + util-linux + ]; nativeBuildInputs = finalAttrs.passthru.externalNativeBuildInputs ++ [ nix-cli diff --git a/tests/nixos/remote-builds.nix b/tests/nixos/remote-builds.nix index 3bfb651bd..ba5fdc2af 100644 --- a/tests/nixos/remote-builds.nix +++ b/tests/nixos/remote-builds.nix @@ -20,7 +20,8 @@ let nix.settings.sandbox = true; services.openssh.ports = [ 22 - ] ++ lib.optional supportsCustomPort 2222; + ] + ++ lib.optional supportsCustomPort 2222; # Regression test for use of PID namespaces when /proc has # filesystems mounted on top of it