diff options
Diffstat (limited to 'tvix/derivation')
-rw-r--r-- | tvix/derivation/Cargo.toml | 1 | ||||
-rw-r--r-- | tvix/derivation/src/lib.rs | 4 | ||||
-rw-r--r-- | tvix/derivation/src/output.rs | 6 | ||||
-rw-r--r-- | tvix/derivation/src/tests/mod.rs | 10 | ||||
-rw-r--r-- | tvix/derivation/src/validate.rs | 104 |
5 files changed, 123 insertions, 2 deletions
diff --git a/tvix/derivation/Cargo.toml b/tvix/derivation/Cargo.toml index ec998c446508..b63b3ab9fd57 100644 --- a/tvix/derivation/Cargo.toml +++ b/tvix/derivation/Cargo.toml @@ -6,6 +6,7 @@ edition = "2021" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] +anyhow = "1.0.68" glob = "0.3.0" serde = { version = "1.0", features = ["derive"] } sha2 = "0.10.6" diff --git a/tvix/derivation/src/lib.rs b/tvix/derivation/src/lib.rs index a8360fbafc5e..f0a654e111a2 100644 --- a/tvix/derivation/src/lib.rs +++ b/tvix/derivation/src/lib.rs @@ -1,9 +1,9 @@ +mod derivation; mod nix_hash; mod output; mod string_escape; +mod validate; mod write; -mod derivation; - #[cfg(test)] mod tests; diff --git a/tvix/derivation/src/output.rs b/tvix/derivation/src/output.rs index 0d668c3e9952..2839110971d2 100644 --- a/tvix/derivation/src/output.rs +++ b/tvix/derivation/src/output.rs @@ -1,4 +1,5 @@ use serde::{Deserialize, Serialize}; +use tvix_store::nixpath::NixPath; #[derive(Serialize, Deserialize)] pub struct Output { @@ -20,4 +21,9 @@ impl Output { pub fn is_fixed(&self) -> bool { self.hash.is_some() } + + pub fn validate(&self) -> anyhow::Result<()> { + NixPath::from_absolute_path(&self.path)?; + Ok(()) + } } diff --git a/tvix/derivation/src/tests/mod.rs b/tvix/derivation/src/tests/mod.rs index 435d82144067..1b55c6e3e751 100644 --- a/tvix/derivation/src/tests/mod.rs +++ b/tvix/derivation/src/tests/mod.rs @@ -31,6 +31,16 @@ fn check_serizaliation(path_to_drv_file: &str) { } #[test_resources("src/tests/derivation_tests/*.drv")] +fn validate(path_to_drv_file: &str) { + let data = read_file(&format!("{}.json", path_to_drv_file)); + let derivation: Derivation = serde_json::from_str(&data).expect("JSON was not well-formatted"); + + derivation + .validate() + .expect("derivation failed to validate") +} + +#[test_resources("src/tests/derivation_tests/*.drv")] fn check_to_string(path_to_drv_file: &str) { let data = read_file(&format!("{}.json", path_to_drv_file)); let derivation: Derivation = serde_json::from_str(&data).expect("JSON was not well-formatted"); diff --git a/tvix/derivation/src/validate.rs b/tvix/derivation/src/validate.rs new file mode 100644 index 000000000000..e0f62a323fcf --- /dev/null +++ b/tvix/derivation/src/validate.rs @@ -0,0 +1,104 @@ +use crate::{derivation::Derivation, write::DOT_FILE_EXT}; +use anyhow::bail; +use tvix_store::nixpath::NixPath; + +impl Derivation { + /// validate ensures a Derivation struct is properly populated, + /// and returns an error if not. + /// TODO(flokli): make this proper errors + pub fn validate(&self) -> anyhow::Result<()> { + // Ensure the number of outputs is > 1 + if self.outputs.is_empty() { + bail!("0 outputs"); + } + + // Validate all outputs + for (output_name, output) in &self.outputs { + if output_name.is_empty() { + bail!("output_name from outputs may not be empty") + } + + if output.is_fixed() { + if self.outputs.len() != 1 { + bail!("encountered fixed-output, but there's more than 1 output in total"); + } + if output_name != "out" { + bail!("the fixed-output output name must be called 'out'"); + } + + break; + } + + output.validate()?; + } + + // Validate all input_derivations + for (input_derivation_path, output_names) in &self.input_derivations { + // Validate input_derivation_path + NixPath::from_absolute_path(input_derivation_path)?; + if !input_derivation_path.ends_with(DOT_FILE_EXT) { + bail!( + "derivation {} does not end with .drv", + input_derivation_path + ); + } + + if output_names.is_empty() { + bail!( + "output_names list for {} may not be empty", + input_derivation_path + ); + } + + for (i, output_name) in output_names.iter().enumerate() { + if output_name.is_empty() { + bail!( + "output name entry for {} may not be empty", + input_derivation_path + ) + } + // if i is at least 1, peek at the previous element to ensure output_names are sorted. + if i > 0 && (output_names[i - 1] >= *output_name) { + bail!( + "invalid input derivation output order: {} < {}", + output_name, + output_names[i - 1], + ); + } + } + } + + // Validate all input_sources + for (i, input_source) in self.input_sources.iter().enumerate() { + NixPath::from_absolute_path(input_source)?; + + if i > 0 && self.input_sources[i - 1] >= *input_source { + bail!( + "invalid input source order: {} < {}", + input_source, + self.input_sources[i - 1], + ); + } + } + + // validate platform + if self.system.is_empty() { + bail!("required attribute 'platform' missing"); + } + + // validate builder + if self.builder.is_empty() { + bail!("required attribute 'builder' missing"); + } + + // validate env, none of the keys may be empty. + // We skip the `name` validation seen in go-nix. + for k in self.environment.keys() { + if k.is_empty() { + bail!("found empty environment variable key"); + } + } + + Ok(()) + } +} |