diff --git a/docker.nix b/docker.nix index ffcbec088..1b9fb7d34 100644 --- a/docker.nix +++ b/docker.nix @@ -38,60 +38,58 @@ let ] ++ extraPkgs; - users = - { + users = { - root = { - uid = 0; - shell = "${pkgs.bashInteractive}/bin/bash"; - home = "/root"; - gid = 0; - groups = [ "root" ]; - description = "System administrator"; - }; - - nobody = { - uid = 65534; - shell = "${pkgs.shadow}/bin/nologin"; - home = "/var/empty"; - gid = 65534; - groups = [ "nobody" ]; - description = "Unprivileged account (don't use!)"; - }; - - } - // lib.optionalAttrs (uid != 0) { - "${uname}" = { - uid = uid; - shell = "${pkgs.bashInteractive}/bin/bash"; - home = "/home/${uname}"; - gid = gid; - groups = [ "${gname}" ]; - description = "Nix user"; - }; - } - // lib.listToAttrs ( - map (n: { - name = "nixbld${toString n}"; - value = { - uid = 30000 + n; - gid = 30000; - groups = [ "nixbld" ]; - description = "Nix build user ${toString n}"; - }; - }) (lib.lists.range 1 32) - ); - - groups = - { - root.gid = 0; - nixbld.gid = 30000; - nobody.gid = 65534; - } - // lib.optionalAttrs (gid != 0) { - "${gname}".gid = gid; + root = { + uid = 0; + shell = "${pkgs.bashInteractive}/bin/bash"; + home = "/root"; + gid = 0; + groups = [ "root" ]; + description = "System administrator"; }; + nobody = { + uid = 65534; + shell = "${pkgs.shadow}/bin/nologin"; + home = "/var/empty"; + gid = 65534; + groups = [ "nobody" ]; + description = "Unprivileged account (don't use!)"; + }; + + } + // lib.optionalAttrs (uid != 0) { + "${uname}" = { + uid = uid; + shell = "${pkgs.bashInteractive}/bin/bash"; + home = "/home/${uname}"; + gid = gid; + groups = [ "${gname}" ]; + description = "Nix user"; + }; + } + // lib.listToAttrs ( + map (n: { + name = "nixbld${toString n}"; + value = { + uid = 30000 + n; + gid = 30000; + groups = [ "nixbld" ]; + description = "Nix build user ${toString n}"; + }; + }) (lib.lists.range 1 32) + ); + + groups = { + root.gid = 0; + nixbld.gid = 30000; + nobody.gid = 65534; + } + // lib.optionalAttrs (gid != 0) { + "${gname}".gid = gid; + }; + userToPasswd = ( k: { diff --git a/packaging/components.nix b/packaging/components.nix index c3c5fb68e..8bf05b4c1 100644 --- a/packaging/components.nix +++ b/packaging/components.nix @@ -54,12 +54,12 @@ let preConfigure = prevAttrs.preConfigure or "" + - # Update the repo-global .version file. - # Symlink ./.version points there, but by default only workDir is writable. - '' - chmod u+w ./.version - echo ${finalAttrs.version} > ./.version - ''; + # Update the repo-global .version file. + # Symlink ./.version points there, but by default only workDir is writable. + '' + chmod u+w ./.version + echo ${finalAttrs.version} > ./.version + ''; }; localSourceLayer = @@ -148,7 +148,8 @@ let nativeBuildInputs = [ meson ninja - ] ++ prevAttrs.nativeBuildInputs or [ ]; + ] + ++ prevAttrs.nativeBuildInputs or [ ]; mesonCheckFlags = prevAttrs.mesonCheckFlags or [ ] ++ [ "--print-errorlogs" ]; diff --git a/packaging/everything.nix b/packaging/everything.nix index 1835eefb6..e2a2b8cd2 100644 --- a/packaging/everything.nix +++ b/packaging/everything.nix @@ -46,24 +46,24 @@ }: let - libs = - { - inherit - nix-util - nix-util-c - nix-store - nix-store-c - nix-fetchers - nix-expr - nix-expr-c - nix-flake - nix-flake-c - nix-main - nix-main-c - nix-cmd - ; - } - // lib.optionalAttrs + libs = { + inherit + nix-util + nix-util-c + nix-store + nix-store-c + nix-fetchers + nix-expr + nix-expr-c + nix-flake + nix-flake-c + nix-main + nix-main-c + nix-cmd + ; + } + // + lib.optionalAttrs (!stdenv.hostPlatform.isStatic && stdenv.buildPlatform.canExecute stdenv.hostPlatform) { # Currently fails in static build @@ -125,20 +125,19 @@ stdenv.mkDerivation (finalAttrs: { */ dontFixup = true; - checkInputs = - [ - # Make sure the unit tests have passed - nix-util-tests.tests.run - nix-store-tests.tests.run - nix-expr-tests.tests.run - nix-fetchers-tests.tests.run - nix-flake-tests.tests.run + checkInputs = [ + # Make sure the unit tests have passed + nix-util-tests.tests.run + nix-store-tests.tests.run + nix-expr-tests.tests.run + nix-fetchers-tests.tests.run + nix-flake-tests.tests.run - # Make sure the functional tests have passed - nix-functional-tests - ] - ++ lib.optionals - (!stdenv.hostPlatform.isStatic && stdenv.buildPlatform.canExecute stdenv.hostPlatform) + # Make sure the functional tests have passed + nix-functional-tests + ] + ++ + lib.optionals (!stdenv.hostPlatform.isStatic && stdenv.buildPlatform.canExecute stdenv.hostPlatform) [ # Perl currently fails in static build # TODO: Split out tests into a separate derivation? diff --git a/src/libcmd/package.nix b/src/libcmd/package.nix index be5054f64..c382f0e57 100644 --- a/src/libcmd/package.nix +++ b/src/libcmd/package.nix @@ -53,7 +53,8 @@ mkMesonLibrary (finalAttrs: { buildInputs = [ ({ inherit editline readline; }.${readlineFlavor}) - ] ++ lib.optional enableMarkdown lowdown; + ] + ++ lib.optional enableMarkdown lowdown; propagatedBuildInputs = [ nix-util diff --git a/src/libexpr/package.nix b/src/libexpr/package.nix index 50161c58b..a67a8cc49 100644 --- a/src/libexpr/package.nix +++ b/src/libexpr/package.nix @@ -70,13 +70,15 @@ mkMesonLibrary (finalAttrs: { nix-util nix-store nix-fetchers - ] ++ finalAttrs.passthru.externalPropagatedBuildInputs; + ] + ++ finalAttrs.passthru.externalPropagatedBuildInputs; # Hack for sake of the dev shell passthru.externalPropagatedBuildInputs = [ boost nlohmann_json - ] ++ lib.optional enableGC boehmgc; + ] + ++ lib.optional enableGC boehmgc; mesonFlags = [ (lib.mesonEnable "gc" enableGC) diff --git a/src/libstore/package.nix b/src/libstore/package.nix index 775776139..47805547b 100644 --- a/src/libstore/package.nix +++ b/src/libstore/package.nix @@ -58,30 +58,28 @@ mkMesonLibrary (finalAttrs: { nativeBuildInputs = lib.optional embeddedSandboxShell unixtools.hexdump; - buildInputs = - [ - boost - curl - sqlite - ] - ++ lib.optional stdenv.hostPlatform.isLinux libseccomp - # There have been issues building these dependencies - ++ lib.optional stdenv.hostPlatform.isDarwin darwin.apple_sdk.libs.sandbox - ++ lib.optional withAWS aws-sdk-cpp; + buildInputs = [ + boost + curl + sqlite + ] + ++ lib.optional stdenv.hostPlatform.isLinux libseccomp + # There have been issues building these dependencies + ++ lib.optional stdenv.hostPlatform.isDarwin darwin.apple_sdk.libs.sandbox + ++ lib.optional withAWS aws-sdk-cpp; propagatedBuildInputs = [ nix-util nlohmann_json ]; - mesonFlags = - [ - (lib.mesonEnable "seccomp-sandboxing" stdenv.hostPlatform.isLinux) - (lib.mesonBool "embedded-sandbox-shell" embeddedSandboxShell) - ] - ++ lib.optionals stdenv.hostPlatform.isLinux [ - (lib.mesonOption "sandbox-shell" "${busybox-sandbox-shell}/bin/busybox") - ]; + mesonFlags = [ + (lib.mesonEnable "seccomp-sandboxing" stdenv.hostPlatform.isLinux) + (lib.mesonBool "embedded-sandbox-shell" embeddedSandboxShell) + ] + ++ lib.optionals stdenv.hostPlatform.isLinux [ + (lib.mesonOption "sandbox-shell" "${busybox-sandbox-shell}/bin/busybox") + ]; meta = { platforms = lib.platforms.unix ++ lib.platforms.windows; diff --git a/src/libutil/package.nix b/src/libutil/package.nix index 17c84ff18..6bc8aeb3d 100644 --- a/src/libutil/package.nix +++ b/src/libutil/package.nix @@ -50,7 +50,8 @@ mkMesonLibrary (finalAttrs: { libblake3 libsodium openssl - ] ++ lib.optional stdenv.hostPlatform.isx86_64 libcpuid; + ] + ++ lib.optional stdenv.hostPlatform.isx86_64 libcpuid; propagatedBuildInputs = [ boost diff --git a/src/perl/package.nix b/src/perl/package.nix index 5841570cd..10d84de77 100644 --- a/src/perl/package.nix +++ b/src/perl/package.nix @@ -45,7 +45,8 @@ perl.pkgs.toPerlModule ( buildInputs = [ nix-store - ] ++ finalAttrs.passthru.externalBuildInputs; + ] + ++ finalAttrs.passthru.externalBuildInputs; # Hack for sake of the dev shell passthru.externalBuildInputs = [ diff --git a/tests/functional/lang/eval-okay-attrnames.nix b/tests/functional/lang/eval-okay-attrnames.nix index 085e78084..7cdb41538 100644 --- a/tests/functional/lang/eval-okay-attrnames.nix +++ b/tests/functional/lang/eval-okay-attrnames.nix @@ -2,16 +2,15 @@ with import ./lib.nix; let - attrs = - { - y = "y"; - x = "x"; - foo = "foo"; - } - // rec { - x = "newx"; - bar = x; - }; + attrs = { + y = "y"; + x = "x"; + foo = "foo"; + } + // rec { + x = "newx"; + bar = x; + }; names = builtins.attrNames attrs; diff --git a/tests/functional/lang/eval-okay-attrs.nix b/tests/functional/lang/eval-okay-attrs.nix index 787b9a933..0350e6e72 100644 --- a/tests/functional/lang/eval-okay-attrs.nix +++ b/tests/functional/lang/eval-okay-attrs.nix @@ -1,15 +1,14 @@ let { - as = - { - x = 123; - y = 456; - } - // { - z = 789; - } - // { - z = 987; - }; + as = { + x = 123; + y = 456; + } + // { + z = 789; + } + // { + z = 987; + }; body = if as ? a then diff --git a/tests/functional/lang/eval-okay-attrs2.nix b/tests/functional/lang/eval-okay-attrs2.nix index 0896f9cf1..234ed1be7 100644 --- a/tests/functional/lang/eval-okay-attrs2.nix +++ b/tests/functional/lang/eval-okay-attrs2.nix @@ -1,15 +1,14 @@ let { - as = - { - x = 123; - y = 456; - } - // { - z = 789; - } - // { - z = 987; - }; + as = { + x = 123; + y = 456; + } + // { + z = 789; + } + // { + z = 987; + }; A = "a"; Z = "z"; diff --git a/tests/functional/lang/eval-okay-import.nix b/tests/functional/lang/eval-okay-import.nix index 484dccac0..9558b7ffc 100644 --- a/tests/functional/lang/eval-okay-import.nix +++ b/tests/functional/lang/eval-okay-import.nix @@ -6,7 +6,8 @@ let scopedImport = attrs: fn: scopedImport (overrides // attrs) fn; builtins = builtins // overrides; - } // import ./lib.nix; + } + // import ./lib.nix; in scopedImport overrides ./imported.nix diff --git a/tests/functional/nested-sandboxing/runner.nix b/tests/functional/nested-sandboxing/runner.nix index d0d441a82..cc193844d 100644 --- a/tests/functional/nested-sandboxing/runner.nix +++ b/tests/functional/nested-sandboxing/runner.nix @@ -6,32 +6,31 @@ mkDerivation { name = "nested-sandboxing"; busybox = builtins.getEnv "busybox"; EXTRA_SANDBOX = builtins.getEnv "EXTRA_SANDBOX"; - buildCommand = - '' - set -x - set -eu -o pipefail - '' - + ( - if altitude == 0 then - '' - echo Deep enough! > $out - '' - else - '' - cp -r ${../common} ./common - cp ${../common.sh} ./common.sh - cp ${../config.nix} ./config.nix - cp -r ${./.} ./nested-sandboxing + buildCommand = '' + set -x + set -eu -o pipefail + '' + + ( + if altitude == 0 then + '' + echo Deep enough! > $out + '' + else + '' + cp -r ${../common} ./common + cp ${../common.sh} ./common.sh + cp ${../config.nix} ./config.nix + cp -r ${./.} ./nested-sandboxing - export PATH=${builtins.getEnv "NIX_BIN_DIR"}:$PATH + export PATH=${builtins.getEnv "NIX_BIN_DIR"}:$PATH - export _NIX_TEST_SOURCE_DIR=$PWD - export _NIX_TEST_BUILD_DIR=$PWD + export _NIX_TEST_SOURCE_DIR=$PWD + export _NIX_TEST_BUILD_DIR=$PWD - source common.sh - source ./nested-sandboxing/command.sh + source common.sh + source ./nested-sandboxing/command.sh - runNixBuild ${storeFun} ${toString altitude} >> $out - '' - ); + runNixBuild ${storeFun} ${toString altitude} >> $out + '' + ); } diff --git a/tests/functional/package.nix b/tests/functional/package.nix index 6c248bc61..5888367ad 100644 --- a/tests/functional/package.nix +++ b/tests/functional/package.nix @@ -46,25 +46,24 @@ mkMesonDerivation ( ]; # Hack for sake of the dev shell - passthru.externalNativeBuildInputs = - [ - meson - ninja - pkg-config + passthru.externalNativeBuildInputs = [ + meson + ninja + pkg-config - jq - git - mercurial - ] - ++ lib.optionals stdenv.hostPlatform.isLinux [ - # For various sandboxing tests that needs a statically-linked shell, - # etc. - busybox-sandbox-shell - # For Overlay FS tests need `mount`, `umount`, and `unshare`. - # For `script` command (ensuring a TTY) - # TODO use `unixtools` to be precise over which executables instead? - util-linux - ]; + jq + git + mercurial + ] + ++ lib.optionals stdenv.hostPlatform.isLinux [ + # For various sandboxing tests that needs a statically-linked shell, + # etc. + busybox-sandbox-shell + # For Overlay FS tests need `mount`, `umount`, and `unshare`. + # For `script` command (ensuring a TTY) + # TODO use `unixtools` to be precise over which executables instead? + util-linux + ]; nativeBuildInputs = finalAttrs.passthru.externalNativeBuildInputs ++ [ nix-cli