about summary refs log tree commit diff
path: root/tests
AgeCommit message (Collapse)AuthorFilesLines
2014-01-08 Support cryptographically signed binary cachesEelco Dolstra1-0/+8
NAR info files in binary caches can now have a cryptographic signature that Nix will verify before using the corresponding NAR file. To create a private/public key pair for signing and verifying a binary cache, do: $ openssl genrsa -out ./cache-key.sec 2048 $ openssl rsa -in ./cache-key.sec -pubout > ./cache-key.pub You should also come up with a symbolic name for the key, such as "cache.example.org-1". This will be used by clients to look up the public key. (It's a good idea to number keys, in case you ever need to revoke/replace one.) To create a binary cache signed with the private key: $ nix-push --dest /path/to/binary-cache --key ./cache-key.sec --key-name cache.example.org-1 The public key (cache-key.pub) should be distributed to the clients. They should have a nix.conf should contain something like: signed-binary-caches = * binary-cache-public-key-cache.example.org-1 = /path/to/cache-key.pub If all works well, then if Nix fetches something from the signed binary cache, you will see a message like: *** Downloading ‘http://cache.example.org/nar/7dppcj5sc1nda7l54rjc0g5l1hamj09j-subversion-1.7.11’ (signed by ‘cache.example.org-1’) to ‘/nix/store/7dppcj5sc1nda7l54rjc0g5l1hamj09j-subversion-1.7.11’... On the other hand, if the signature is wrong, you get a message like NAR info file `http://cache.example.org/7dppcj5sc1nda7l54rjc0g5l1hamj09j.narinfo' has an invalid signature; ignoring Signatures are implemented as a single line appended to the NAR info file, which looks like this: Signature: 1;cache.example.org-1;HQ9Xzyanq9iV...muQ== Thus the signature has 3 fields: a version (currently "1"), the ID of key, and the base64-encoded signature of the SHA-256 hash of the contents of the NAR info file up to but not including the Signature line. Issue #75.
2014-01-06 Merge branch 'dynamic-attrs-no-sugar' of github.com:shlevy/nixEelco Dolstra6-0/+24
2014-01-06 Disable the tail call testEelco Dolstra1-0/+0
On i686-linux, GCC stubbornly refuses to do tail-call optimisation. Don't know why. http://hydra.nixos.org/build/7300170
2013-12-31 Fold dynamic binds handling into addAttrShea Levy2-0/+2
Since addAttr has to iterate through the AttrPath we pass it, it makes more sense to just iterate through the AttrNames in addAttr instead. As an added bonus, this allows attrsets where two dynamic attribute paths have the same static leading part (see added test case for an example that failed previously). Signed-off-by: Shea Levy <shea@shealevy.com>
2013-12-31 Dynamic attrsShea Levy2-0/+18
This adds new syntax for attribute names: * attrs."${name}" => getAttr name attrs * attrs ? "${name}" => isAttrs attrs && hasAttr attrs name * attrs."${name}" or def => if attrs ? "${name}" then attrs."${name}" else def * { "${name}" = value; } => listToAttrs [{ inherit name value; }] Of course, it's a bit more complicated than that. The attribute chains can be arbitrarily long and contain combinations of static and dynamic parts (e.g. attrs."${foo}".bar."${baz}" or qux), which is relatively straightforward for the getAttrs/hasAttrs cases but is more complex for the listToAttrs case due to rules about duplicate attribute definitions. For attribute sets with dynamic attribute names, duplicate static attributes are detected at parse time while duplicate dynamic attributes are detected when the attribute set is forced. So, for example, { a = null; a.b = null; "${"c"}" = true; } will be a parse-time error, while { a = {}; "${"a"}".b = null; c = true; } will be an eval-time error (technically that case could theoretically be detected at parse time, but the general case would require full evaluation). Moreover, duplicate dynamic attributes are not allowed even in cases where they would be with static attributes ({ a.b.d = true; a.b.c = false; } is legal, but { a."${"b"}".d = true; a."${"b"}".c = false; } is not). This restriction might be relaxed in the future in cases where the static variant would not be an error, but it is not obvious that that is desirable. Finally, recursive attribute sets with dynamic attributes have the static attributes in scope but not the dynamic ones. So rec { a = true; "${"b"}" = a; } is equivalent to { a = true; b = true; } but rec { "${"a"}" = true; b = a; } would be an error or use a from the surrounding scope if it exists. Note that the getAttr, getAttr or default, and hasAttr are all implemented purely in the parser as syntactic sugar, while attribute sets with dynamic attribute names required changes to the AST to be implemented cleanly. This is an alternative solution to and closes #167 Signed-off-by: Shea Levy <shea@shealevy.com>
2013-12-31 Add the ExprBuiltin Expr type to the ASTShea Levy2-0/+4
Certain desugaring schemes may require the parser to use some builtin function to do some of the work (e.g. currently `throw` is used to lazily cause an error if a `<>`-style path is not in the search path) Unfortunately, these names are not reserved keywords, so an expression that uses such a syntactic sugar will not see the expected behavior (see tests/lang/eval-okay-redefine-builtin.nix for an example). This adds the ExprBuiltin AST type, which when evaluated uses the value from the rootmost variable scope (which of course is initialized internally and can't shadow any of the builtins). Signed-off-by: Shea Levy <shea@shealevy.com>
2013-11-19 Add a toJSON primopEelco Dolstra2-0/+12
2013-11-18 Add a primop unsafeGetAttrPos to return the position of an attributeEelco Dolstra2-0/+7
2013-11-18 Add a symbol __curPos that expands to the current source locationEelco Dolstra2-0/+6
I.e. an attribute set { file = <string>; line = <int>; column = <int>; }.
2013-11-18 Support quoted attribute names in -AEelco Dolstra2-4/+4
This is requires if you have attribute names with dots in them. So you can now say: $ nix-instantiate '<nixos>' -A 'config.systemd.units."postgresql.service".text' --eval-only Fixes #151.
2013-11-12 Add a test to check that tail calls run in bounded stack spaceEelco Dolstra2-0/+4
2013-10-24 Rename "attribute sets" to "sets"Eelco Dolstra1-1/+1
We don't have any other kind of sets so calling them attribute sets is unnecessarily verbose.
2013-10-24 Add a test of the type primopsEelco Dolstra2-0/+24
2013-10-17 Fix testEelco Dolstra1-1/+2
2013-10-17 Test string semantics a bit moreEelco Dolstra2-3/+6
2013-10-17 Add a test for type correctness of antiquotesEelco Dolstra3-0/+3
Antiquotes should evaluate to strings or paths. This is usually checked, except in the case where the antiquote makes up the entire string, as in "${expr}". This is optimised to expr, which discards the runtime type checks / coercions.
2013-10-16 Add a regression test for correct path antiquotation behaviorEelco Dolstra1-0/+4
This broke in Nix 1.6.
2013-10-11 Adjust to the NixOS/Nixpkgs mergeEelco Dolstra2-2/+2
2013-09-02 Adda test for build-max-log-sizeEelco Dolstra2-14/+11
2013-08-26 Simplify inherited attribute handlingShea Levy2-0/+25
This reduces the difference between inherited and non-inherited attribute handling to the choice of which env to use (in recs and lets) by setting the AttrDef::e to a new ExprVar in the parser rather than carrying a separate AttrDef::v VarRef member. As an added bonus, this allows inherited attributes that inherit from a with to delay forcing evaluation of the with's attributes. Signed-off-by: Shea Levy <shea@shealevy.com>
2013-08-26 Fix typos, especially those that end up in the Nix manualIvan Kozik1-1/+1
2013-08-02 Let the ordering operators also work on stringsEelco Dolstra2-1/+6
E.g. ‘"foo" < "bar"’ now works.
2013-08-02 Add comparison operators ‘<’, ‘<=’, ‘>’ and ‘>=’Eelco Dolstra2-1/+24
2013-08-02 Add integer ‘-’, ‘*’ and ‘/’ operatorsEelco Dolstra3-1/+11
2013-08-02 Add a unary integer negation operatorEelco Dolstra2-2/+7
This allows saying "-1" instead of "builtins.sub 0 1".
2013-08-02 Overload the ‘+’ operator to support integer additionEelco Dolstra2-4/+4
2013-07-31 Test the delayed with a bit moreEelco Dolstra3-5/+8
2013-07-31 Delay evaulation of `with` attrs until a variable lookup needs themShea Levy2-0/+27
Evaluation of attribute sets is strict in the attribute names, which means immediate evaluation of `with` attribute sets rules out some potentially interesting use cases (e.g. where the attribute names of one set depend in some way on another but we want to bring those names into scope for some values in the second set). The major example of this is overridable self-referential package sets (e.g. all-packages.nix). With immediate `with` evaluation, the only options for such sets are to either make them non-recursive and explicitly use the name of the overridden set in non-overridden one every time you want to reference another package, or make the set recursive and use the `__overrides` hack. As shown in the test case that comes with this commit, though, delayed `with` evaluation allows a nicer third alternative. Signed-off-by: Shea Levy <shea@shealevy.com>
2013-07-01 Add support for uncompressed NARs in binary cachesEelco Dolstra1-1/+1
Issue NixOS/hydra#102.
2013-06-20 Don't keep "disabled" substituters runningEelco Dolstra2-0/+2
For instance, it's pointless to keep copy-from-other-stores running if there are no other stores, or download-using-manifests if there are no manifests. This also speeds things up because we don't send queries to those substituters.
2013-04-23 Show that --timeout doesn't work if the build produces log outputEelco Dolstra2-3/+1
2013-04-23 Test whether --fallback works if NARS have disappeared from the binary cacheEelco Dolstra1-0/+14
2013-04-23 Test NAR info cachingEelco Dolstra1-1/+3
2013-03-08 Revert "Prevent config.h from being clobbered"Eelco Dolstra2-6/+6
This reverts commit 28bba8c44f484eae38e8a15dcec73cfa999156f6.
2013-03-07 Prevent config.h from being clobberedEelco Dolstra2-6/+6
2013-02-08 Rename "hash" to "hashString" and handle SHA-1Eelco Dolstra2-5/+6
2013-02-08 experimental/hashMarc Weber2-0/+7
adding primop function calculating hash of a string Signed-off-by: Marc Weber <marco-oweber@gmx.de>
2013-01-21 Fix the VM testsEelco Dolstra2-6/+6
2013-01-02 UrggghEelco Dolstra3-3/+5
http://hydra.nixos.org/build/3661100
2013-01-02 If a substitute closure is incomplete, build dependencies, then retry the ↵Eelco Dolstra1-1/+2
substituter Issue #77.
2013-01-02 Add a test for incomplete closures in the binary cacheEelco Dolstra1-0/+8
Issue #77.
2012-12-04 Test prioritiesEelco Dolstra3-4/+13
2012-12-04 Add a test for ‘nix-env --set-flag active ...’Eelco Dolstra1-1/+9
2012-12-03 Test the ‘--prebuilt-only’ flagEelco Dolstra1-0/+3
2012-11-26 Fix the multiple-outputs testEelco Dolstra1-1/+4
2012-10-03 Fix the testEelco Dolstra1-4/+4
2012-10-03 Rename nix-worker to nix-daemonEelco Dolstra1-2/+2
2012-10-03 Drop support for running nix-worker in "slave" modeEelco Dolstra1-6/+0
AFAIK nobody uses this, setuid binaries are evil, and there is no good reason why people can't just run the daemon.
2012-09-27 Allow dashes in identifiersEelco Dolstra1-2/+2
In Nixpkgs, the attribute in all-packages.nix corresponding to a package is usually equal to the package name. However, this doesn't work if the package contains a dash, which is fairly common. The convention is to replace the dash with an underscore (e.g. "dbus-lib" becomes "dbus_glib"), but that's annoying. So now dashes are valid in variable / attribute names, allowing you to write: dbus-glib = callPackage ../development/libraries/dbus-glib { }; and buildInputs = [ dbus-glib ]; Since we don't have a negation or subtraction operation in Nix, this is unambiguous.
2012-09-14 Fix testEelco Dolstra1-1/+1
http://hydra.nixos.org/build/3031382