From d80bf54e3b61b296a8944e2c95088c37661b0deb Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <edolstra@gmail.com>
Date: Mon, 5 Aug 2024 11:38:38 +0200
Subject: [PATCH 1/4] Add a VM test for S3BinaryCacheStore

Fixes #11238.

(cherry picked from commit 2950f9e18af1bd57b566b8c0b4df71022edb3b80)
---
 tests/nixos/default.nix               |  2 +
 tests/nixos/nix-copy-closure.nix      |  2 +-
 tests/nixos/s3-binary-cache-store.nix | 63 +++++++++++++++++++++++++++
 3 files changed, 66 insertions(+), 1 deletion(-)
 create mode 100644 tests/nixos/s3-binary-cache-store.nix

diff --git a/tests/nixos/default.nix b/tests/nixos/default.nix
index 313dc2f3c..e79bb59b8 100644
--- a/tests/nixos/default.nix
+++ b/tests/nixos/default.nix
@@ -148,4 +148,6 @@ in
   user-sandboxing = runNixOSTestFor "x86_64-linux" ./user-sandboxing;
 
   fetchurl = runNixOSTestFor "x86_64-linux" ./fetchurl.nix;
+
+  s3-binary-cache-store = runNixOSTestFor "x86_64-linux" ./s3-binary-cache-store.nix;
 }
diff --git a/tests/nixos/nix-copy-closure.nix b/tests/nixos/nix-copy-closure.nix
index 66cbfb033..b9daa0a1f 100644
--- a/tests/nixos/nix-copy-closure.nix
+++ b/tests/nixos/nix-copy-closure.nix
@@ -1,6 +1,6 @@
 # Test ‘nix-copy-closure’.
 
-{ lib, config, nixpkgs, hostPkgs, ... }:
+{ lib, config, nixpkgs, ... }:
 
 let
   pkgs = config.nodes.client.nixpkgs.pkgs;
diff --git a/tests/nixos/s3-binary-cache-store.nix b/tests/nixos/s3-binary-cache-store.nix
new file mode 100644
index 000000000..015457968
--- /dev/null
+++ b/tests/nixos/s3-binary-cache-store.nix
@@ -0,0 +1,63 @@
+{ lib, config, nixpkgs, ... }:
+
+let
+  pkgs = config.nodes.client.nixpkgs.pkgs;
+
+  pkgA = pkgs.cowsay;
+
+  accessKey = "BKIKJAA5BMMU2RHO6IBB";
+  secretKey = "V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12";
+  env = "AWS_ACCESS_KEY_ID=${accessKey} AWS_SECRET_ACCESS_KEY=${secretKey}";
+
+  storeUrl = "s3://my-cache?endpoint=http://server:9000&region=eu-west-1";
+
+in {
+  name = "nix-copy-closure";
+
+  nodes =
+    { server =
+        { config, lib, pkgs, ... }:
+        { virtualisation.writableStore = true;
+          virtualisation.additionalPaths = [ pkgA ];
+          environment.systemPackages = [ pkgs.minio-client ];
+          nix.extraOptions = "experimental-features = nix-command";
+          services.minio = {
+            enable = true;
+            region = "eu-west-1";
+            rootCredentialsFile = pkgs.writeText "minio-credentials-full" ''
+              MINIO_ROOT_USER=${accessKey}
+              MINIO_ROOT_PASSWORD=${secretKey}
+            '';
+          };
+          networking.firewall.allowedTCPPorts = [ 9000 ];
+        };
+
+      client =
+        { config, pkgs, ... }:
+        { virtualisation.writableStore = true;
+          nix.extraOptions = "experimental-features = nix-command";
+        };
+    };
+
+  testScript = { nodes }: ''
+    # fmt: off
+    start_all()
+
+    # Create a binary cache.
+    server.wait_for_unit("minio")
+
+    server.succeed("mc config host add minio http://localhost:9000 ${accessKey} ${secretKey} --api s3v4")
+    server.succeed("mc mb minio/my-cache")
+
+    server.succeed("${env} nix copy --to '${storeUrl}' ${pkgA}")
+
+    # Copy a package from the binary cache.
+    client.fail("nix path-info ${pkgA}")
+
+    client.succeed("${env} nix store info --store '${storeUrl}' >&2")
+
+    client.succeed("${env} nix copy --no-check-sigs --from '${storeUrl}' ${pkgA}")
+
+    client.succeed("nix path-info ${pkgA}")
+  '';
+}

From 4912a9e7fdd69b9b66437a94a86eb04789f2fd12 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <edolstra@gmail.com>
Date: Fri, 11 Oct 2024 14:31:15 +0200
Subject: [PATCH 2/4] builtins.fetchurl: Fix segfault on s3:// URLs

Also, add an activity to show that we're downloading an s3:// file.

Fixes #11674.

(cherry picked from commit 0500fba56a02c3c8458d257b6ea24af1c81c8b9e)
---
 src/libstore/filetransfer.cc          | 5 +++++
 tests/nixos/s3-binary-cache-store.nix | 3 +++
 2 files changed, 8 insertions(+)

diff --git a/src/libstore/filetransfer.cc b/src/libstore/filetransfer.cc
index 5ea8b6f96..b84210805 100644
--- a/src/libstore/filetransfer.cc
+++ b/src/libstore/filetransfer.cc
@@ -754,12 +754,17 @@ struct curlFileTransfer : public FileTransfer
 
                 S3Helper s3Helper(profile, region, scheme, endpoint);
 
+                Activity act(*logger, lvlTalkative, actFileTransfer,
+                    fmt("downloading '%s'", request.uri),
+                    {request.uri}, request.parentAct);
+
                 // FIXME: implement ETag
                 auto s3Res = s3Helper.getObject(bucketName, key);
                 FileTransferResult res;
                 if (!s3Res.data)
                     throw FileTransferError(NotFound, "S3 object '%s' does not exist", request.uri);
                 res.data = std::move(*s3Res.data);
+                res.urls.push_back(request.uri);
                 callback(std::move(res));
 #else
                 throw nix::Error("cannot download '%s' because Nix is not built with S3 support", request.uri);
diff --git a/tests/nixos/s3-binary-cache-store.nix b/tests/nixos/s3-binary-cache-store.nix
index 015457968..6ae2e3572 100644
--- a/tests/nixos/s3-binary-cache-store.nix
+++ b/tests/nixos/s3-binary-cache-store.nix
@@ -51,6 +51,9 @@ in {
 
     server.succeed("${env} nix copy --to '${storeUrl}' ${pkgA}")
 
+    # Test fetchurl on s3:// URLs while we're at it.
+    client.succeed("${env} nix eval --impure --expr 'builtins.fetchurl { name = \"foo\"; url = \"s3://my-cache/nix-cache-info?endpoint=http://server:9000&region=eu-west-1\"; }'")
+
     # Copy a package from the binary cache.
     client.fail("nix path-info ${pkgA}")
 

From 339236d32ef337cdc5fb3e1e964f7ee92d7141f6 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <edolstra@gmail.com>
Date: Fri, 11 Oct 2024 14:55:22 +0200
Subject: [PATCH 3/4] Make S3 downloads slightly more interruptable

(cherry picked from commit d38f62f64d389cb4e9a582d89aa3f8a50fb3c074)
---
 src/libstore/s3-binary-cache-store.cc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/libstore/s3-binary-cache-store.cc b/src/libstore/s3-binary-cache-store.cc
index 21175b1eb..bcbf0b55e 100644
--- a/src/libstore/s3-binary-cache-store.cc
+++ b/src/libstore/s3-binary-cache-store.cc
@@ -9,6 +9,7 @@
 #include "globals.hh"
 #include "compression.hh"
 #include "filetransfer.hh"
+#include "signals.hh"
 
 #include <aws/core/Aws.h>
 #include <aws/core/VersionConfig.h>
@@ -117,6 +118,7 @@ class RetryStrategy : public Aws::Client::DefaultRetryStrategy
 {
     bool ShouldRetry(const Aws::Client::AWSError<Aws::Client::CoreErrors>& error, long attemptedRetries) const override
     {
+        checkInterrupt();
         auto retry = Aws::Client::DefaultRetryStrategy::ShouldRetry(error, attemptedRetries);
         if (retry)
             printError("AWS error '%s' (%s), will retry in %d ms",

From 1294442c6cc6a2ee883f9dd932ad5139f5b35a92 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <edolstra@gmail.com>
Date: Mon, 14 Oct 2024 13:15:55 +0200
Subject: [PATCH 4/4] Add assert

(cherry picked from commit d2f4d076195f048146fa64916283a524f6820380)
---
 src/libfetchers/tarball.cc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/libfetchers/tarball.cc b/src/libfetchers/tarball.cc
index dd4f3b780..52ba73f62 100644
--- a/src/libfetchers/tarball.cc
+++ b/src/libfetchers/tarball.cc
@@ -90,6 +90,7 @@ DownloadFileResult downloadFile(
     /* Cache metadata for all URLs in the redirect chain. */
     for (auto & url : res.urls) {
         key.second.insert_or_assign("url", url);
+        assert(!res.urls.empty());
         infoAttrs.insert_or_assign("url", *res.urls.rbegin());
         getCache()->upsert(key, *store, infoAttrs, *storePath);
     }