-
-
Notifications
You must be signed in to change notification settings - Fork 1.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Co-authored-by: Matthew Bauer <mjbauer95@gmail.com>
- Loading branch information
1 parent
53f92c7
commit cbc4344
Showing
15 changed files
with
181 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
{ busybox }: | ||
|
||
with import ./config.nix; | ||
|
||
let | ||
|
||
mkDerivation = args: | ||
derivation ({ | ||
inherit system; | ||
builder = busybox; | ||
args = ["sh" "-e" args.builder or (builtins.toFile "builder-${args.name}.sh" "if [ -e .attrs.sh ]; then source .attrs.sh; fi; eval \"$buildCommand\"")]; | ||
outputHashMode = "recursive"; | ||
outputHashAlgo = "sha256"; | ||
} // removeAttrs args ["builder" "meta"]) | ||
// { meta = args.meta or {}; }; | ||
|
||
input1 = mkDerivation { | ||
shell = busybox; | ||
name = "build-remote-input-1"; | ||
buildCommand = "echo FOO > $out"; | ||
outputHash = "sha256-FePFYIlMuycIXPZbWi7LGEiMmZSX9FMbaQenWBzm1Sc="; | ||
}; | ||
|
||
input2 = mkDerivation { | ||
shell = busybox; | ||
name = "build-remote-input-2"; | ||
buildCommand = "echo BAR > $out"; | ||
outputHash = "sha256-XArauVH91AVwP9hBBQNlkX9ccuPpSYx9o0zeIHb6e+Q="; | ||
}; | ||
|
||
input3 = mkDerivation { | ||
shell = busybox; | ||
name = "build-remote-input-3"; | ||
buildCommand = '' | ||
read x < ${input2} | ||
echo $x BAZ > $out | ||
''; | ||
outputHash = "sha256-daKAcPp/+BYMQsVi/YYMlCKoNAxCNDsaivwSHgQqD2s="; | ||
}; | ||
|
||
in | ||
|
||
mkDerivation { | ||
shell = busybox; | ||
name = "build-remote"; | ||
buildCommand = '' | ||
read x < ${input1} | ||
read y < ${input3} | ||
echo "$x $y" > $out | ||
''; | ||
outputHash = "sha256-5SxbkUw6xe2l9TE1uwCvTtTDysD1vhRor38OtDF0LqQ="; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
source common.sh | ||
|
||
# We act as if remote trusts us, but it doesn't. This fails since we are | ||
# building input-addressed derivations with `buildDerivation`, which | ||
# depends on trust. | ||
file=build-hook.nix | ||
prog=$(readlink -e ./nix-daemon-untrusting.sh) | ||
proto=ssh-ng | ||
trusting=true | ||
|
||
! source build-remote-trustless.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
source common.sh | ||
|
||
# Remote trusts us but we pretend it doesn't. | ||
file=build-hook.nix | ||
prog=nix-store | ||
proto=ssh | ||
trusting=false | ||
|
||
source build-remote-trustless.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
source common.sh | ||
|
||
# Remote trusts us but we pretend it doesn't. | ||
file=build-hook.nix | ||
prog=nix-daemon | ||
proto=ssh-ng | ||
trusting=false | ||
|
||
source build-remote-trustless.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
source common.sh | ||
|
||
# Remote doesn't trust us nor do we think it does | ||
file=build-hook.nix | ||
prog=$(readlink -e ./nix-daemon-untrusting.sh) | ||
proto=ssh-ng | ||
trusting=false | ||
|
||
source build-remote-trustless.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
source common.sh | ||
|
||
# We act as if remote trusts us, but it doesn't. This is fine because we | ||
# are only building (fixed) CA derivations. | ||
file=build-hook-ca.nix | ||
prog=$(readlink -e ./nix-daemon-untrusting.sh) | ||
proto=ssh-ng | ||
trusting=true | ||
|
||
source build-remote-trustless.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
if ! canUseSandbox; then exit; fi | ||
if ! [[ $busybox =~ busybox ]]; then exit; fi | ||
|
||
unset NIX_STORE_DIR | ||
unset NIX_STATE_DIR | ||
|
||
# Note: ssh://localhost bypasses ssh, directly invoking nix-store as a | ||
# child process. This allows us to test LegacySSHStore::buildDerivation(). | ||
# ssh-ng://... likewise allows us to test RemoteStore::buildDerivation(). | ||
|
||
nix build -L -v -f $file -o $TEST_ROOT/result --max-jobs 0 \ | ||
--arg busybox $busybox \ | ||
--store $TEST_ROOT/local \ | ||
--builders "$proto://localhost?remote-program=$prog&trusting=$trusting&remote-store=$TEST_ROOT/remote%3Fsystem-features=foo%20bar%20baz - - 1 1 foo,bar,baz" | ||
|
||
outPath=$(readlink -f $TEST_ROOT/result) | ||
|
||
grep 'FOO BAR BAZ' $TEST_ROOT/${subDir}/local${outPath} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
#!/bin/sh | ||
|
||
exec nix-daemon --no-trust "$@" |