nixos/nix
1
1
Fork 0
mirror of https://github.com/NixOS/nix.git synced 2025-11-15 06:52:43 +01:00
Code Activity
nix/tests/functional/check-refs.sh
John Ericson 00d2bf91b2 Parse deriving paths in DerivationOptions 
This is an example of "Parse, don't validate" principle [1].

Before, we had a number of `StringSet`s in `DerivationOptions` that
were not *actually* allowed to be arbitrary sets of strings. Instead,
each set member had to be one of:

- a store path

- a CA "downstream placeholder"

- an output name

Only later, in the code that checks outputs, would these strings be
further parsed to match these cases. (Actually, only 2 by that point,
because the placeholders must be rewritten away by then.)

Now, we fully parse everything up front, and have an "honest" data type
that reflects these invariants:

- store paths are parsed, stored as (opaque) deriving paths

- CA "downstream placeholders" are rewritten to the output deriving
  paths they denote

- output names are the only arbitrary strings left

Since the first two cases both become deriving paths, that leaves us
with a `std::variant<SingleDerivedPath, String>` data type, which we use
in our sets instead.

Getting rid of placeholders is especially nice because we are replacing
them with something much more internally-structured / transparent.

[1]: https://lexi-lambda.github.io/blog/2019/11/05/parse-don-t-validate/

Co-authored-by: Sergei Zimmerman <sergei@zimmerman.foo>
2025-11-07 00:47:19 -05:00

68 lines
2.1 KiB
Bash
Executable file
Raw Blame History

#!/usr/bin/env bash
source common.sh
TODO_NixOS
clearStore
RESULT=$TEST_ROOT/result
dep=$(nix-build -o "$RESULT" check-refs.nix -A dep)
# test1 references dep, not itself.
test1=$(nix-build -o "$RESULT" check-refs.nix -A test1)
nix-store -q --references "$test1" | grepQuietInverse "$test1"
nix-store -q --references "$test1" | grepQuiet "$dep"
# test2 references src, not itself nor dep.
test2=$(nix-build -o "$RESULT" check-refs.nix -A test2)
nix-store -q --references "$test2" | grepQuietInverse "$test2"
nix-store -q --references "$test2" | grepQuietInverse "$dep"
nix-store -q --references "$test2" | grepQuiet aux-ref
# test3 should fail (unallowed ref).
(! nix-build -o "$RESULT" check-refs.nix -A test3)
# test4 should succeed.
nix-build -o "$RESULT" check-refs.nix -A test4
# test5 should succeed.
nix-build -o "$RESULT" check-refs.nix -A test5
# test6 should fail (unallowed self-ref).
(! nix-build -o "$RESULT" check-refs.nix -A test6)
# test7 should succeed (allowed self-ref).
nix-build -o "$RESULT" check-refs.nix -A test7
# test8 should fail (toFile depending on derivation output).
(! nix-build -o "$RESULT" check-refs.nix -A test8)
# test9 should fail (disallowed reference).
(! nix-build -o "$RESULT" check-refs.nix -A test9)
# test10 should succeed (no disallowed references).
nix-build -o "$RESULT" check-refs.nix -A test10
if ! isTestOnNixOS; then
# If we have full control over our store, we can test some more things.
if isDaemonNewer 2.12pre20230103; then
if ! isDaemonNewer 2.16.0; then
enableFeatures discard-references
restartDaemon
fi
# test11 should succeed.
test11=$(nix-build -o "$RESULT" check-refs.nix -A test11)
[[ -z $(nix-store -q --references "$test11") ]]
fi
fi
if isDaemonNewer "2.28pre20241225"; then
# test12 should fail (syntactically invalid).
expectStderr 1 nix-build -vvv -o "$RESULT" check-refs.nix -A test12 >"$TEST_ROOT/test12.stderr"
grepQuiet -F "output check for 'lib' contains output name 'dev', but this is not a valid output of this derivation. (Valid outputs are [lib, out].)" < "$TEST_ROOT/test12.stderr"
fi
View git blame Copy permalink