nixos/nix
1
1
Fork 0
mirror of https://github.com/NixOS/nix.git synced 2025-11-08 19:46:02 +01:00
Code Activity

don't include derivation name in temporary build directories

Browse source 
With the migration to /nix/var/nix/builds we now have failing builds
when the derivation name is too long.
This change removes the derivation name from the temporary build to have
a predictable prefix length:

Also see: https://github.com/NixOS/infra/pull/764
for context.

(cherry picked from commit 725a2f379f)
This commit is contained in:
Jörg Thalheim 2025-08-27 09:29:47 +02:00 committed by Mergify
parent 8fc22db0e1
commit 7c3fd50617
4 changed files with 14 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

6
tests/functional/check.sh
View file

@ -52,10 +52,10 @@ test_custom_build_dir() {
nix-build check.nix -A failed --argstr checkBuildId "$checkBuildId" \
--no-out-link --keep-failed --option build-dir "$TEST_ROOT/custom-build-dir" 2> "$TEST_ROOT/log" || status=$?
[ "$status" = "100" ]
[[ 1 == "$(count "$customBuildDir/nix-build-"*)" ]]
local buildDir=("$customBuildDir/nix-build-"*)
[[ 1 == "$(count "$customBuildDir/nix-"*)" ]]
local buildDir=("$customBuildDir/nix-"*)
if [[ "${#buildDir[@]}" -ne 1 ]]; then
echo "expected one nix-build-* directory, got: ${buildDir[*]}" >&2
echo "expected one nix-* directory, got: ${buildDir[*]}" >&2
exit 1
fi
if [[ -e ${buildDir[*]}/build ]]; then

8
tests/nixos/user-sandboxing/default.nix
View file

@ -104,8 +104,8 @@ in
# Wait for the build to be ready
# This is OK because it runs as root, so we can access everything
machine.wait_until_succeeds("stat /nix/var/nix/builds/nix-build-open-build-dir.drv-*/build/syncPoint")
dir = machine.succeed("ls -d /nix/var/nix/builds/nix-build-open-build-dir.drv-*").strip()
machine.wait_until_succeeds("stat /nix/var/nix/builds/nix-*/build/syncPoint")
dir = machine.succeed("ls -d /nix/var/nix/builds/nix-*").strip()
# But Alice shouldn't be able to access the build directory
machine.fail(f"su alice -c 'ls {dir}/build'")
@ -125,8 +125,8 @@ in
args = [ (builtins.storePath "${create-hello-world}") ];
}' >&2 &
""".strip())
machine.wait_until_succeeds("stat /nix/var/nix/builds/nix-build-innocent.drv-*/build/syncPoint")
dir = machine.succeed("ls -d /nix/var/nix/builds/nix-build-innocent.drv-*").strip()
machine.wait_until_succeeds("stat /nix/var/nix/builds/nix-*/build/syncPoint")
dir = machine.succeed("ls -d /nix/var/nix/builds/nix-*").strip()
# The build ran as `nixbld1` (which is the only build user on the
# machine), but a process running as `nixbld1` outside the sandbox