From be208d8e7888985e1808d65635dca60328dc40a8 Mon Sep 17 00:00:00 2001 From: Shea Levy Date: Sat, 23 Dec 2023 17:15:09 -0500 Subject: [PATCH 1/2] remote-store test: Break out IFD expression into a separate file (cherry picked from commit 9cb287657bec5a969d8bb1678d598d9fa820e60b) --- tests/ifd.nix | 10 ++++++++++ tests/remote-store.sh | 13 +------------ 2 files changed, 11 insertions(+), 12 deletions(-) create mode 100644 tests/ifd.nix diff --git a/tests/ifd.nix b/tests/ifd.nix new file mode 100644 index 00000000000..d0b9b54add0 --- /dev/null +++ b/tests/ifd.nix @@ -0,0 +1,10 @@ +with import ./config.nix; +import ( + mkDerivation { + name = "foo"; + bla = import ./dependencies.nix {}; + buildCommand = " + echo \\\"hi\\\" > $out + "; + } +) diff --git a/tests/remote-store.sh b/tests/remote-store.sh index 50e6f24b978..7649964ef40 100644 --- a/tests/remote-store.sh +++ b/tests/remote-store.sh @@ -19,18 +19,7 @@ else fi # Test import-from-derivation through the daemon. -[[ $(nix eval --impure --raw --expr ' - with import ./config.nix; - import ( - mkDerivation { - name = "foo"; - bla = import ./dependencies.nix {}; - buildCommand = " - echo \\\"hi\\\" > $out - "; - } - ) -') = hi ]] +[[ $(nix eval --impure --raw --file ./ifd.nix) = hi ]] storeCleared=1 NIX_REMOTE_=$NIX_REMOTE $SHELL ./user-envs.sh From e7c2b35827e9f4ddbec4248c5cf1ad793a2988ad Mon Sep 17 00:00:00 2001 From: Shea Levy Date: Sat, 23 Dec 2023 21:26:12 -0500 Subject: [PATCH 2/2] Build IFD in the build store when using eval-store. Previously, IFDs would be built within the eval store, even though one is typically using `--eval-store` precisely to *avoid* local builds. Because the resulting Nix expression must be copied back to the eval store in order to be imported, this requires the eval store to trust the build store's signatures. (cherry picked from commit c3942ef85ffbd83391410fbf012f1de366d2463c) --- src/libexpr/primops.cc | 24 ++++++++++++++++-------- tests/eval-store.sh | 8 ++++++++ 2 files changed, 24 insertions(+), 8 deletions(-) diff --git a/src/libexpr/primops.cc b/src/libexpr/primops.cc index cd9a05bb29d..ef2d7e76810 100644 --- a/src/libexpr/primops.cc +++ b/src/libexpr/primops.cc @@ -82,16 +82,15 @@ StringMap EvalState::realiseContext(const NixStringContext & context) /* Build/substitute the context. */ std::vector buildReqs; for (auto & d : drvs) buildReqs.emplace_back(DerivedPath { d }); - store->buildPaths(buildReqs); + buildStore->buildPaths(buildReqs, bmNormal, store); + + StorePathSet outputsToCopyAndAllow; for (auto & drv : drvs) { - auto outputs = resolveDerivedPath(*store, drv); + auto outputs = resolveDerivedPath(*buildStore, drv, &*store); for (auto & [outputName, outputPath] : outputs) { - /* Add the output of this derivations to the allowed - paths. */ - if (allowedPaths) { - allowPath(outputPath); - } + outputsToCopyAndAllow.insert(outputPath); + /* Get all the output paths corresponding to the placeholders we had */ if (experimentalFeatureSettings.isEnabled(Xp::CaDerivations)) { res.insert_or_assign( @@ -100,12 +99,21 @@ StringMap EvalState::realiseContext(const NixStringContext & context) .drvPath = drv.drvPath, .output = outputName, }).render(), - store->printStorePath(outputPath) + buildStore->printStorePath(outputPath) ); } } } + if (store != buildStore) copyClosure(*buildStore, *store, outputsToCopyAndAllow); + if (allowedPaths) { + for (auto & outputPath : outputsToCopyAndAllow) { + /* Add the output of this derivations to the allowed + paths. */ + allowPath(store->toRealPath(outputPath)); + } + } + return res; } diff --git a/tests/eval-store.sh b/tests/eval-store.sh index 8fc859730b3..a34f3e82fe6 100644 --- a/tests/eval-store.sh +++ b/tests/eval-store.sh @@ -28,3 +28,11 @@ nix-build dependencies.nix --eval-store "$eval_store" -o "$TEST_ROOT/result" [[ -e $TEST_ROOT/result/foobar ]] (! ls $NIX_STORE_DIR/*.drv) ls $eval_store/nix/store/*.drv + +clearStore +rm -rf "$eval_store" + +# Confirm that import-from-derivation builds on the build store +[[ $(nix eval --eval-store "$eval_store?require-sigs=false" --impure --raw --file ./ifd.nix) = hi ]] +ls $NIX_STORE_DIR/*dependencies-top/foobar +(! ls $eval_store/nix/store/*dependencies-top/foobar)