Merge branch 'master' (pre-reformat)

2025-11-28 05:00:58 +01:00 · 2025-07-23 21:08:47 +02:00 · 2025-07-23 21:08:47 +02:00 · d23f9674bb
commit d23f9674bb
parent 2059f72d02 60c48b7058
101 changed files with 1178 additions and 744 deletions
--- a/tests/functional/build-cores.nix
+++ b/tests/functional/build-cores.nix
@ -0,0 +1,11 @@
+with import ./config.nix;
+
+{
+  # Test derivation that checks the NIX_BUILD_CORES environment variable
+  testCores = mkDerivation {
+    name = "test-build-cores";
+    buildCommand = ''
+      echo "$NIX_BUILD_CORES" > $out
+    '';
+  };
+}
--- a/tests/functional/build-cores.sh
+++ b/tests/functional/build-cores.sh
@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+source common.sh
+
+clearStoreIfPossible
+
+echo "Testing build-cores configuration behavior..."
+
+# Test 1: When build-cores is set to a non-zero value, NIX_BUILD_CORES should have that value
+echo "Testing build-cores=4..."
+rm -f "$TEST_ROOT"/build-cores-output
+nix-build --cores 4 build-cores.nix -A testCores -o "$TEST_ROOT"/build-cores-output
+result=$(cat "$(readlink "$TEST_ROOT"/build-cores-output)")
+if [[ "$result" != "4" ]]; then
+    echo "FAIL: Expected NIX_BUILD_CORES=4, got $result"
+    exit 1
+fi
+echo "PASS: build-cores=4 correctly sets NIX_BUILD_CORES=4"
+rm -f "$TEST_ROOT"/build-cores-output
+
+# Test 2: When build-cores is set to 0, NIX_BUILD_CORES should be resolved to getDefaultCores()
+echo "Testing build-cores=0..."
+nix-build --cores 0 build-cores.nix -A testCores -o "$TEST_ROOT"/build-cores-output
+result=$(cat "$(readlink "$TEST_ROOT"/build-cores-output)")
+if [[ "$result" == "0" ]]; then
+    echo "FAIL: NIX_BUILD_CORES should not be 0 when build-cores=0"
+    exit 1
+fi
+echo "PASS: build-cores=0 resolves to NIX_BUILD_CORES=$result (should be > 0)"
+rm -f "$TEST_ROOT"/build-cores-output
+
+echo "All build-cores tests passed!"
--- a/tests/functional/fetchGit.sh
+++ b/tests/functional/fetchGit.sh
@ -53,6 +53,27 @@ rm -rf $TEST_HOME/.cache/nix
 path=$(nix eval --impure --raw --expr "(builtins.fetchGit file://$repo).outPath")
 [[ $(cat $path/hello) = world ]]

+# Fetch again. This should be cached.
+# NOTE: This has to be done before the test case below which tries to pack-refs
+# the reason being that the lookup on the cache uses the ref-file `/refs/heads/master`
+# which does not exist after packing.
+mv $repo ${repo}-tmp
+path2=$(nix eval --impure --raw --expr "(builtins.fetchGit file://$repo).outPath")
+[[ $path = $path2 ]]
+
+[[ $(nix eval --impure --expr "(builtins.fetchGit file://$repo).revCount") = 2 ]]
+[[ $(nix eval --impure --raw --expr "(builtins.fetchGit file://$repo).rev") = $rev2 ]]
+[[ $(nix eval --impure --raw --expr "(builtins.fetchGit file://$repo).shortRev") = ${rev2:0:7} ]]
+
+# Fetching with a explicit hash should succeed.
+path2=$(nix eval --refresh --raw --expr "(builtins.fetchGit { url = file://$repo; rev = \"$rev2\"; }).outPath")
+[[ $path = $path2 ]]
+
+path2=$(nix eval --refresh --raw --expr "(builtins.fetchGit { url = file://$repo; rev = \"$rev1\"; }).outPath")
+[[ $(cat $path2/hello) = utrecht ]]
+
+mv ${repo}-tmp $repo
+
 # Fetch when the cache has packed-refs
 # Regression test of #8822
 git -C $TEST_HOME/.cache/nix/gitv3/*/ pack-refs --all
@ -83,24 +104,6 @@ path2=$(nix eval --raw --expr "(builtins.fetchGit { url = file://$repo; rev = \"
 # But without a hash, it fails.
 expectStderr 1 nix eval --expr 'builtins.fetchGit "file:///foo"' | grepQuiet "'fetchGit' doesn't fetch unlocked input"

-# Fetch again. This should be cached.
-mv $repo ${repo}-tmp
-path2=$(nix eval --impure --raw --expr "(builtins.fetchGit file://$repo).outPath")
-[[ $path = $path2 ]]
-
-[[ $(nix eval --impure --expr "(builtins.fetchGit file://$repo).revCount") = 2 ]]
-[[ $(nix eval --impure --raw --expr "(builtins.fetchGit file://$repo).rev") = $rev2 ]]
-[[ $(nix eval --impure --raw --expr "(builtins.fetchGit file://$repo).shortRev") = ${rev2:0:7} ]]
-
-# Fetching with a explicit hash should succeed.
-path2=$(nix eval --refresh --raw --expr "(builtins.fetchGit { url = file://$repo; rev = \"$rev2\"; }).outPath")
-[[ $path = $path2 ]]
-
-path2=$(nix eval --refresh --raw --expr "(builtins.fetchGit { url = file://$repo; rev = \"$rev1\"; }).outPath")
-[[ $(cat $path2/hello) = utrecht ]]
-
-mv ${repo}-tmp $repo
-
 # Using a clean working tree should produce the same result.
 path2=$(nix eval --impure --raw --expr "(builtins.fetchGit $repo).outPath")
 [[ $path = $path2 ]]
--- a/tests/functional/flakes/flakes.sh
+++ b/tests/functional/flakes/flakes.sh
@ -432,3 +432,41 @@ nix flake metadata "$flake2Dir" --reference-lock-file $TEST_ROOT/flake2-overridd

 # reference-lock-file can only be used if allow-dirty is set.
 expectStderr 1 nix flake metadata "$flake2Dir" --no-allow-dirty --reference-lock-file $TEST_ROOT/flake2-overridden.lock
+
+# After changing an input (flake2 from newFlake2Rev to prevFlake2Rev), we should have the transitive inputs locked by revision $prevFlake2Rev of flake2.
+prevFlake1Rev=$(nix flake metadata --json "$flake1Dir" | jq -r .revision)
+prevFlake2Rev=$(nix flake metadata --json "$flake2Dir" | jq -r .revision)
+
+echo "# bla" >> "$flake1Dir/flake.nix"
+git -C "$flake1Dir" commit flake.nix -m 'bla'
+
+nix flake update --flake "$flake2Dir"
+git -C "$flake2Dir" commit flake.lock -m 'bla'
+
+newFlake1Rev=$(nix flake metadata --json "$flake1Dir" | jq -r .revision)
+newFlake2Rev=$(nix flake metadata --json "$flake2Dir" | jq -r .revision)
+
+cat > "$flake3Dir/flake.nix" <<EOF
+{
+  inputs.flake2.url = "flake:flake2/master/$newFlake2Rev";
+
+  outputs = { self, flake2 }: {
+  };
+}
+EOF
+git -C "$flake3Dir" commit flake.nix -m 'bla'
+
+rm "$flake3Dir/flake.lock"
+nix flake lock "$flake3Dir"
+[[ "$(nix flake metadata --json "$flake3Dir" | jq -r .locks.nodes.flake1.locked.rev)" = $newFlake1Rev ]]
+
+cat > "$flake3Dir/flake.nix" <<EOF
+{
+  inputs.flake2.url = "flake:flake2/master/$prevFlake2Rev";
+
+  outputs = { self, flake2 }: {
+  };
+}
+EOF
+
+[[ "$(nix flake metadata --json "$flake3Dir" | jq -r .locks.nodes.flake1.locked.rev)" = $prevFlake1Rev ]]
--- a/tests/functional/lang/eval-fail-missing-arg-import.err.exp
+++ b/tests/functional/lang/eval-fail-missing-arg-import.err.exp
@ -0,0 +1,12 @@
+error:
+       … from call site
+         at /pwd/lang/eval-fail-missing-arg-import.nix:1:1:
+            1| import ./non-eval-trivial-lambda-formals.nix { }
+             | ^
+            2|
+
+       error: function 'anonymous lambda' called without required argument 'a'
+       at /pwd/lang/non-eval-trivial-lambda-formals.nix:1:1:
+            1| { a }: a
+             | ^
+            2|
--- a/tests/functional/lang/eval-fail-missing-arg-import.nix
+++ b/tests/functional/lang/eval-fail-missing-arg-import.nix
@ -0,0 +1 @@
+import ./non-eval-trivial-lambda-formals.nix { }
--- a/tests/functional/lang/eval-fail-undeclared-arg-import.err.exp
+++ b/tests/functional/lang/eval-fail-undeclared-arg-import.err.exp
@ -0,0 +1,13 @@
+error:
+       … from call site
+         at /pwd/lang/eval-fail-undeclared-arg-import.nix:1:1:
+            1| import ./non-eval-trivial-lambda-formals.nix {
+             | ^
+            2|   a = "a";
+
+       error: function 'anonymous lambda' called with unexpected argument 'b'
+       at /pwd/lang/non-eval-trivial-lambda-formals.nix:1:1:
+            1| { a }: a
+             | ^
+            2|
+       Did you mean a?
--- a/tests/functional/lang/eval-fail-undeclared-arg-import.nix
+++ b/tests/functional/lang/eval-fail-undeclared-arg-import.nix
@ -0,0 +1,4 @@
+import ./non-eval-trivial-lambda-formals.nix {
+  a = "a";
+  b = "b";
+}
--- a/tests/functional/lang/non-eval-trivial-lambda-formals.nix
+++ b/tests/functional/lang/non-eval-trivial-lambda-formals.nix
@ -0,0 +1 @@
+{ a }: a
--- a/tests/functional/meson.build
+++ b/tests/functional/meson.build
@ -145,6 +145,7 @@ suites = [
      'placeholders.sh',
      'ssh-relay.sh',
      'build.sh',
+      'build-cores.sh',
      'build-delete.sh',
      'output-normalization.sh',
      'selfref-gc.sh',
--- a/tests/nixos/github-flakes.nix
+++ b/tests/nixos/github-flakes.nix
@ -81,7 +81,7 @@ let
    mkdir -p $out/archive

    dir=NixOS-nixpkgs-${nixpkgs.shortRev}
-    cp -prd ${nixpkgs} $dir
+    cp -rd --preserve=ownership,timestamps ${nixpkgs} $dir
    # Set the correct timestamp in the tarball.
    find $dir -print0 | xargs -0 touch -h -t ${builtins.substring 0 12 nixpkgs.lastModifiedDate}.${
      builtins.substring 12 2 nixpkgs.lastModifiedDate
--- a/tests/nixos/sourcehut-flakes.nix
+++ b/tests/nixos/sourcehut-flakes.nix
@ -48,7 +48,7 @@ let

  nixpkgs-repo = pkgs.runCommand "nixpkgs-flake" { } ''
    dir=NixOS-nixpkgs-${nixpkgs.shortRev}
-    cp -prd ${nixpkgs} $dir
+    cp -rd --preserve=ownership,timestamps ${nixpkgs} $dir

    # Set the correct timestamp in the tarball.
    find $dir -print0 | xargs -0 touch -h -t ${builtins.substring 0 12 nixpkgs.lastModifiedDate}.${
--- a/tests/nixos/tarball-flakes.nix
+++ b/tests/nixos/tarball-flakes.nix
@ -13,7 +13,7 @@ let

    set -x
    dir=nixpkgs-${nixpkgs.shortRev}
-    cp -prd ${nixpkgs} $dir
+    cp -rd --preserve=ownership,timestamps ${nixpkgs} $dir
    # Set the correct timestamp in the tarball.
    find $dir -print0 | xargs -0 touch -h -t ${builtins.substring 0 12 nixpkgs.lastModifiedDate}.${
      builtins.substring 12 2 nixpkgs.lastModifiedDate
--- a/tests/nixos/user-sandboxing/default.nix
+++ b/tests/nixos/user-sandboxing/default.nix
@ -104,15 +104,16 @@ in

          # Wait for the build to be ready
          # This is OK because it runs as root, so we can access everything
-          machine.wait_for_file("/tmp/nix-build-open-build-dir.drv-0/build/syncPoint")
+          machine.wait_until_succeeds("stat /nix/var/nix/builds/nix-build-open-build-dir.drv-*/build/syncPoint")
+          dir = machine.succeed("ls -d /nix/var/nix/builds/nix-build-open-build-dir.drv-*").strip()

          # But Alice shouldn't be able to access the build directory
-          machine.fail("su alice -c 'ls /tmp/nix-build-open-build-dir.drv-0/build'")
-          machine.fail("su alice -c 'touch /tmp/nix-build-open-build-dir.drv-0/build/bar'")
-          machine.fail("su alice -c 'cat /tmp/nix-build-open-build-dir.drv-0/build/foo'")
+          machine.fail(f"su alice -c 'ls {dir}/build'")
+          machine.fail(f"su alice -c 'touch {dir}/build/bar'")
+          machine.fail(f"su alice -c 'cat {dir}/build/foo'")

          # Tell the user to finish the build
-          machine.succeed("echo foo > /tmp/nix-build-open-build-dir.drv-0/build/syncPoint")
+          machine.succeed(f"echo foo > {dir}/build/syncPoint")

      with subtest("Being able to execute stuff as the build user doesn't give access to the build dir"):
          machine.succeed(r"""
@ -124,16 +125,17 @@ in
                args = [ (builtins.storePath "${create-hello-world}") ];
            }' >&2 &
          """.strip())
-          machine.wait_for_file("/tmp/nix-build-innocent.drv-0/build/syncPoint")
+          machine.wait_until_succeeds("stat /nix/var/nix/builds/nix-build-innocent.drv-*/build/syncPoint")
+          dir = machine.succeed("ls -d /nix/var/nix/builds/nix-build-innocent.drv-*").strip()

          # The build ran as `nixbld1` (which is the only build user on the
          # machine), but a process running as `nixbld1` outside the sandbox
          # shouldn't be able to touch the build directory regardless
-          machine.fail("su nixbld1 --shell ${pkgs.busybox-sandbox-shell}/bin/sh -c 'ls /tmp/nix-build-innocent.drv-0/build'")
-          machine.fail("su nixbld1 --shell ${pkgs.busybox-sandbox-shell}/bin/sh -c 'echo pwned > /tmp/nix-build-innocent.drv-0/build/result'")
+          machine.fail(f"su nixbld1 --shell ${pkgs.busybox-sandbox-shell}/bin/sh -c 'ls {dir}/build'")
+          machine.fail(f"su nixbld1 --shell ${pkgs.busybox-sandbox-shell}/bin/sh -c 'echo pwned > {dir}/build/result'")

          # Finish the build
-          machine.succeed("echo foo > /tmp/nix-build-innocent.drv-0/build/syncPoint")
+          machine.succeed(f"echo foo > {dir}/build/syncPoint")

          # Check that the build was not affected
          machine.succeed(r"""
				`@ -0,0 +1 @@`
				`import ./non-eval-trivial-lambda-formals.nix { }`