diff --git a/maintainers/flake-module.nix b/maintainers/flake-module.nix index 8ef74498d..baa240a04 100644 --- a/maintainers/flake-module.nix +++ b/maintainers/flake-module.nix @@ -106,7 +106,6 @@ enable = true; excludes = [ # We haven't linted these files yet - ''^tests/functional/linux-sandbox\.sh$'' ''^tests/functional/logging\.sh$'' ''^tests/functional/misc\.sh$'' ''^tests/functional/multiple-outputs\.sh$'' diff --git a/tests/functional/linux-sandbox.sh b/tests/functional/linux-sandbox.sh index abb635f11..c3ddf6ce6 100755 --- a/tests/functional/linux-sandbox.sh +++ b/tests/functional/linux-sandbox.sh @@ -19,8 +19,8 @@ if [[ ! $SHELL =~ /nix/store ]]; then skipTest "Shell is not from Nix store"; fi # An alias to automatically bind-mount the $SHELL on nix-build invocations nix-sandbox-build () { nix-build --no-out-link --sandbox-paths /nix/store "$@"; } -chmod -R u+w $TEST_ROOT/store0 || true -rm -rf $TEST_ROOT/store0 +chmod -R u+w "$TEST_ROOT"/store0 || true +rm -rf "$TEST_ROOT"/store0 export NIX_STORE_DIR=/my/store export NIX_REMOTE=$TEST_ROOT/store0 @@ -29,11 +29,11 @@ outPath=$(nix-sandbox-build dependencies.nix) [[ $outPath =~ /my/store/.*-dependencies ]] -nix path-info -r $outPath | grep input-2 +nix path-info -r "$outPath" | grep input-2 -nix store ls -R -l $outPath | grep foobar +nix store ls -R -l "$outPath" | grep foobar -nix store cat $outPath/foobar | grep FOOBAR +nix store cat "$outPath"/foobar | grep FOOBAR # Test --check without hash rewriting. nix-sandbox-build dependencies.nix --check 
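Review bot: In the `@@ -19,8 +19,8 @@` hunk of tests/functional/linux-sandbox.sh, the quoted `rm -rf "$TEST_ROOT"/store0` still expands to `/store0` if `TEST_ROOT` is ever empty or unset. Quoting fixes word splitting but not that case; `rm -rf -- "${TEST_ROOT:?}"/store0` (and the same expansion on the `chmod -R u+w` line) aborts instead of touching a path under `/`. Whether the harness already runs with `set -u` or guarantees `TEST_ROOT` is not visible from this hunk. The `|| true` after `chmod` also hides every failure, so a short comment such as `# store0 may not exist on a fresh run` would record why that is intended.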
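Review bot: The three checks in the `@@ -29,11 +29,11 @@` hunk pipe into plain `grep`, while the later hunks of this file use the `grepQuiet` helper on a pipe for the same kind of assertion. Using it here, e.g. `nix path-info -r "$outPath" | grepQuiet input-2`, would keep matched lines out of the test log and make the assertions read uniformly. Separately, a failing `nix` command on the left side is only caught indirectly through the empty match unless the harness enables `pipefail`, which this hunk does not show.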
@@ -42,9 +42,9 @@ nix-sandbox-build dependencies.nix --check nix-sandbox-build check.nix -A nondeterministic # `100 + 4` means non-determinstic, see doc/manual/source/command-ref/status-build-failure.md -expectStderr 104 nix-sandbox-build check.nix -A nondeterministic --check -K > $TEST_ROOT/log -grepQuietInverse 'error: renaming' $TEST_ROOT/log -grepQuiet 'may not be deterministic' $TEST_ROOT/log +expectStderr 104 nix-sandbox-build check.nix -A nondeterministic --check -K > "$TEST_ROOT"/log +grepQuietInverse 'error: renaming' "$TEST_ROOT"/log +grepQuiet 'may not be deterministic' "$TEST_ROOT"/log # Test that sandboxed builds cannot write to /etc easily # `100` means build failure without extra info, see doc/manual/source/command-ref/status-build-failure.md @@ -59,7 +59,7 @@ testCert () { certFile=$3 # a string that can be the path to a cert file # `100` means build failure without extra info, see doc/manual/source/command-ref/status-build-failure.md [ "$mode" == fixed-output ] && ret=1 || ret=100 - expectStderr $ret nix-sandbox-build linux-sandbox-cert-test.nix --argstr mode "$mode" --option ssl-cert-file "$certFile" | + expectStderr "$ret" nix-sandbox-build linux-sandbox-cert-test.nix --argstr mode "$mode" --option ssl-cert-file "$certFile" | grepQuiet "CERT_${expectation}_IN_SANDBOX" } @@ -68,10 +68,10 @@ cert=$TEST_ROOT/some-cert-file.pem symlinkcert=$TEST_ROOT/symlink-cert-file.pem transitivesymlinkcert=$TEST_ROOT/transitive-symlink-cert-file.pem symlinkDir=$TEST_ROOT/symlink-dir -echo -n "CERT_CONTENT" > $cert -ln -s $cert $symlinkcert -ln -s $symlinkcert $transitivesymlinkcert -ln -s $TEST_ROOT $symlinkDir +echo -n "CERT_CONTENT" > "$cert" +ln -s "$cert" "$symlinkcert" +ln -s "$symlinkcert" "$transitivesymlinkcert" +ln -s "$TEST_ROOT" "$symlinkDir" # No cert in sandbox when not a fixed-output derivation testCert missing normal "$cert"
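Review bot: In the `@@ -59,7 +59,7 @@` hunk, `ret` is set through the `[ … ] && ret=1 || ret=100` form on the context line just above the changed `expectStderr "$ret"` call, and neither it nor `certFile` has `local` on the lines shown, so both appear to leak into the script's global scope. An explicit default plus a guard reads more clearly and cannot fall through to the `||` branch by accident: `local ret=100` followed by `if [[ "$mode" == fixed-output ]]; then ret=1; fi`. testCert begins above this hunk, so a `local` declaration may already exist there.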