Commit Graph

2012 Commits

Author SHA1 Message Date
Théophane Hufschmitt
e8e62c95dd Test the inclusion of transitive symlinks in the sandbox
(cherry picked from commit cef677ddbc)
2024-10-14 14:42:45 +02:00
Théophane Hufschmitt
1cc79f1343 Fix the access of symlinks to host files in the sandbox
https://github.com/NixOS/nix/pull/10456 fixed the addition of symlink
store paths to the sandbox, but also made it so that the hardcoded
sandbox paths (like `/etc/hosts`) were now bind-mounted without
following the possible symlinks. This made these files unreadable if
there were symlinks (because the sandbox would now contain a symlink to
an unreachable file rather than the underlying file).
In particular, this broke FOD derivations on NixOS as `/etc/hosts` is a
symlink there.

Fix that by canonicalizing all these hardcoded sandbox paths before
adding them to the sandbox.

(cherry picked from commit acbb1523c1)
2024-10-14 14:42:45 +02:00
Jörg Thalheim
8d763e7ab9 tests/nixos/fetchurl: drop unused variables
(cherry picked from commit de9946cbfd4858133462c8cc6b7838edb3be2451)
2024-10-13 13:06:58 +02:00
Puck Meerburg
de2a27caab fixup! Add a test for builtin:fetchurl cert verification 2024-10-13 13:02:46 +02:00
Eelco Dolstra
ebff89a4e5 Resolve conflict 2024-09-26 00:20:13 +02:00
Eelco Dolstra
10e3c1631e Add a test for builtin:fetchurl cert verification
(cherry picked from commit f2f47fa725)

# Conflicts:
#	tests/nixos/default.nix
2024-09-25 21:53:43 +00:00
tomberek
2b15b0b9b0
Merge pull request from GHSA-q82p-44mg-mgh5
Fix sandbox escape 2.20
2024-06-26 18:49:22 -04:00
Robert Hensing
630497bff7 Fix fetchGit nested submodules
(cherry picked from commit 750bcaa330)
2024-05-09 09:13:59 +00:00
Théophane Hufschmitt
0e4baff868 Run the builds in a daemon-controled directory
Instead of running the builds under
`$TMPDIR/{unique-build-directory-owned-by-the-build-user}`, run them
under `$TMPDIR/{unique-build-directory-owned-by-the-daemon}/{subdir-owned-by-the-build-user}`
where the build directory is only readable and traversable by the daemon user.

This achieves two things:

1. It prevents builders from making their build directory world-readable
   (or even writeable), which would allow the outside world to interact
   with them.
2. It prevents external processes running as the build user (either
   because that somehow leaked, maybe as a consequence of 1., or because
   `build-users` isn't in use) from gaining access to the build
   directory.
2024-04-22 15:34:48 +02:00
Théophane Hufschmitt
cad14405c2 Add a test for the user sandboxing 2024-04-22 15:34:48 +02:00
Théophane Hufschmitt
f7146d25ec Add a test for depending on a symlink store path
Regression test for https://github.com/NixOS/nix/issues/9579

(cherry picked from commit 872d93eb13)
2024-04-11 12:19:07 +00:00
Maximilian Bosch
8b84348a78 path-info: print correct path when using nix path-info --store file://... --all --json
When querying all paths in a binary cache store, the path's representation
is `<hash>-x` (where `x` is the value of `MissingName`) because the .narinfo
filenames only contain the hash.

Before cc46ea1630 this worked correctly,
because the entire path info was read and the path from this
representation was printed, i.e. in the form `<hash>-<name>`. Since then
however, the direct result from `queryAllValidPaths()` was used as `path`.

Added a regression test to make sure the behavior remains correct.

(cherry picked from commit c80cd6bb06)
2024-04-10 17:37:36 +00:00
Eelco Dolstra
70a2c5f607 Handle the case where a parent of ~/.nix-defexpr is a symlink
Fixes https://github.com/DeterminateSystems/nix-installer/issues/912 and probably #10247.

(cherry picked from commit 09551fabd0)
2024-04-03 16:24:03 +00:00
pennae
631b2de30f fix debugger crashing while printing envs
fixes #9932

(cherry picked from commit 5ccb06ee1b)
2024-03-11 08:28:17 +01:00
Théophane Hufschmitt
4645652975 Add a NixOS test for the sandbox escape
Test that we can't leverage abstract unix domain sockets to leak file
descriptors out of the sandbox and modify the path after it has been
registered.
2024-03-07 09:38:24 +01:00
Olmo Kramer
b005d736ef Add test for nix flake update with multiple inputs
(cherry picked from commit b1ad729add)
2024-03-04 08:54:00 +00:00
Eelco Dolstra
15c0a7b2ce Support empty Git repositories / workdirs
Fixes #10039.

(cherry picked from commit 9e762454cf)
2024-02-28 01:40:43 +00:00
Eelco Dolstra
0b32c8763b Don't send settings that depend on disabled experimental features to the daemon
This fixes warnings like

   warning: Ignoring setting 'auto-allocate-uids' because experimental feature 'auto-allocate-uids' is not enabled
   warning: Ignoring setting 'impure-env' because experimental feature 'configurable-impure-env' is not enabled

when using the daemon and the user didn't actually set those settings.

Note: this also hides those settings from `nix config show`, but that
seems a good thing.

(cherry picked from commit 0acd783190)
2024-02-20 14:53:28 +00:00
Eelco Dolstra
28dd392948 fetchToStore(): Don't always respect settings.readOnlyMode
It's now up to the caller whether readOnlyMode should be applied. In
some contexts (like InputScheme::fetch()), we always need to fetch.

(cherry picked from commit 7cb4d0c5b7)
2024-02-20 11:08:06 +00:00
Alois Wohlschlager
0571e6e9b4 Restore builtins.pathExists behavior on broken symlinks
Commit 83c067c0fa changed `builtins.pathExists`
to resolve symlinks before checking for existence. Consequently, if the path
refers to a symlink itself, existence of the target of the symlink (instead of
the symlink itself) was checked. Restore the previous behavior by skipping
symlink resolution in the last component.

(cherry picked from commit 89e21ab4bd)
2024-02-16 14:24:23 +00:00
Eelco Dolstra
7f66d4f167 <nix/fetchurl.nix>: Restore support for "impure = true"
(cherry picked from commit bb63bd50e6)
2024-02-13 21:51:13 +00:00
Eelco Dolstra
b6bf4a80d8 Better test fix
(cherry picked from commit e67458e5b8)
2024-02-02 13:00:54 +00:00
Eelco Dolstra
955be03476 Fix test
(cherry picked from commit 05535be03a)
2024-02-02 13:00:54 +00:00
Eelco Dolstra
df2156a5d2 builtin:fetchurl: Ensure a fixed-output derivation
Previously we didn't check that the derivation was fixed-output, so
you could use builtin:fetchurl to impurely fetch a file.

(cherry picked from commit 1ee42c5b88)
2024-02-02 13:00:54 +00:00
Robert Hensing
b5947b55e2 Disallow store path names that are . or .. (plus opt. -)
As discussed in the maintainer meeting on 2024-01-29.

Mainly this is to avoid a situation where the name is parsed and
treated as a file name, mostly to protect users.
.-* and ..-* are also considered invalid because they might strip
on that separator to remove versions. Doesn't really work, but that's
what we decided, and I won't argue with it, because .-* probably
doesn't seem to have a real world application anyway.
We do still permit a 1-character name that's just "-", which still
poses a similar risk in such a situation. We can't start disallowing
trailing -, because a non-zero number of users will need it and we've
seen how annoying and painful such a change is.

What matters most is preventing a situation where . or .. can be
injected, and to just get this done.

(cherry picked from commit f1b4663805)
2024-01-31 18:11:17 +00:00
Robert Hensing
60fb31a87d test: Generate distinct hashes
Gen::just is the constant generator. Don't just return that!
(cherry picked from commit 8406da2877)
2024-01-31 18:11:17 +00:00
Robert Hensing
b35958bd7c test: Generate distinct path names
Gen::just is the constant generator. Don't just return that!
(cherry picked from commit 69bbd5852a)
2024-01-31 18:11:17 +00:00
Robert Hensing
f36832ce13 parseStorePath: Support leading period
(cherry picked from commit b13e6a76b4)
2024-01-31 18:11:17 +00:00
Robert Hensing
0f4db25957 Revert "StorePath: reject names starting with '.'"
This reverts commit 24bda0c7b3.

(cherry picked from commit 9ddd0f2af8)
2024-01-31 18:11:17 +00:00
Eelco Dolstra
5ad5b4447c Resolve symlinks in a few more places
Fixes #9882.

(cherry picked from commit b36ff47e7c)
2024-01-30 16:10:21 +00:00
Eelco Dolstra
f6719032cf Shut up a gcc warning 2024-01-29 15:22:44 +01:00
Rebecca Turner
772897a1cd
Color diff output in tests/functional/lang tests
Use `diff --color=always` to print colored output for language test
failures. I've also flipped the arguments so that expected lines missing
from the actual output will be marked with a red `-` and additional
lines found in the actual output will be marked with a green `+`.
Previously it was the other way around, which was very confusing.
2024-01-26 10:08:56 -08:00
Robert Hensing
212ba69e6f
Merge pull request #9843 from hercules-ci/test-pr-9626
tests/functional/fetchGit.sh: Test fetchGit/fetchTree error message
2024-01-24 13:55:41 +01:00
Robert Hensing
6532dd50fc tests/functional/fetchGit.sh: Test fetchGit/fetchTree error message
Follow-up for https://github.com/NixOS/nix/pull/9626
176dcd5c61
2024-01-24 13:19:02 +01:00
Robert Hensing
5b7bfd2d6b
Merge pull request #9754 from 9999years/print-value-when-coercion-fails
Print the value in `error: cannot coerce` messages
2024-01-24 12:48:39 +01:00
Théophane Hufschmitt
69d0ae27e3
Merge pull request #9841 from obsidiansystems/float-speed-factor
Convert `Machine::speedFactor` from a non-neg int to a non-neg float
2024-01-24 11:28:54 +01:00
John Ericson
1e24db6f9a Convert Machine::speedFactor from a non-neg int to a non-neg float
The short motivation is to match Hydra, so we can de-dup.

The long version is layed out in
https://github.com/NixOS/nix/issues/9840.
2024-01-24 01:03:07 -05:00
tomberek
1c260fa6d1
Merge pull request #9481 from iFreilicht/disallow-nix-search-without-search-terms
nix search: Disallow empty regex
2024-01-23 20:59:52 -05:00
Rebecca Turner
83bb494a30
Print the value in error: cannot coerce messages
This extends the `error: cannot coerce a TYPE to a string` message
to print the value that could not be coerced. This helps with debugging
by making it easier to track down where the value is being produced
from, especially in errors with deep or unhelpful stack traces.
2024-01-23 15:15:41 -08:00
Robert Hensing
08bf2846df
Merge pull request #9653 from obsidiansystems/improve-parse-sink
Improve the `ParseSink` interface
2024-01-23 01:04:57 +01:00
John Ericson
6365bbfa81 Improve the FileSystemObjectSink interface
More invariants are enforced in the type, and less state needs to be
stored in the main sink itself. The method here is roughly that known as
"session types".

Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-01-22 18:01:21 -05:00
John Ericson
966d6fcd01 ParseSink -> FileSystemObjectSink
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-01-22 18:01:18 -05:00
Maximilian Bosch
81499a0b93
libexpr: print value of what is attempted to be called as function
Low-hanging fruit in the spirit of #9753 and #9754 (means 9999years did
all the hard work already).

This basically prints out what was attempted to be called as function,
i.e.

  map (import <nixpkgs> {}) [ 1 2 3 ]

now gives the following error message:

    error:
           … while calling the 'map' builtin
             at «string»:1:1:
                1| map (import <nixpkgs> {}) [ 1 2 3 ]
                 | ^

           … while evaluating the first argument passed to builtins.map

           error: expected a function but found a set: { _type = "pkgs"; AAAAAASomeThingsFailToEvaluate = «thunk»; AMB-plugins = «thunk»; ArchiSteamFarm = «thunk»; BeatSaberModManager = «thunk»; CHOWTapeModel = «thunk»; ChowCentaur = «thunk»; ChowKick = «thunk»; ChowPhaser = «thunk»; CoinMP = «thunk»;  «18783 attributes elided»}
2024-01-22 22:41:42 +01:00
Robert Hensing
5f72a97092
Merge pull request #9753 from 9999years/print-value-on-type-error
Print the value in `value is X while a Y is expected` error
2024-01-22 22:18:16 +01:00
Robert Hensing
74534829f2
Merge pull request #9830 from hercules-ci/test-cross-version-remote-build
tests/nixos: Test remote build against older versions
2024-01-22 19:42:57 +01:00
Robert Hensing
c4d7c4a848 nixos/tests/remote-builds*: Format
nixpkgs-fmt
2024-01-22 18:47:59 +01:00
Robert Hensing
5167351efb tests/nixos/remote-builds*: Inline module + format 2024-01-22 18:44:16 +01:00
John Ericson
1fb2582969 Create unit tests for the serve proto handshake
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-01-22 12:43:11 -05:00
Robert Hensing
e502d1cf94 tests/nixos: Test remote build against older versions 2024-01-22 18:39:15 +01:00
Rebecca Turner
cb7fbd4d83
Print value on type error
Adds the failing value to `value is <TYPE> while a <TYPE> is expected`
error messages.
2024-01-22 08:56:02 -08:00