mirror of
https://github.com/NixOS/nix.git
synced 2024-11-22 06:42:28 +00:00
1ad3328c5e
Previously, for tarball flakes, we recorded the original URL of the tarball flake, rather than the URL to which it ultimately redirects. Thus, a flake URL like http://example.org/patchelf-latest.tar that redirects to http://example.org/patchelf-<revision>.tar was not really usable. We couldn't record the redirected URL, because sites like GitHub redirect to CDN URLs that we can't rely on to be stable. So now we use the redirected URL only if the server returns the `x-nix-is-immutable` or `x-amz-meta-nix-is-immutable` headers in its response.
85 lines
2.9 KiB
Nix
85 lines
2.9 KiB
Nix
{ lib, config, nixpkgs, ... }:
|
|
|
|
let
|
|
pkgs = config.nodes.machine.nixpkgs.pkgs;
|
|
|
|
root = pkgs.runCommand "nixpkgs-flake" {}
|
|
''
|
|
mkdir -p $out/stable
|
|
|
|
set -x
|
|
dir=nixpkgs-${nixpkgs.shortRev}
|
|
cp -prd ${nixpkgs} $dir
|
|
# Set the correct timestamp in the tarball.
|
|
find $dir -print0 | xargs -0 touch -t ${builtins.substring 0 12 nixpkgs.lastModifiedDate}.${builtins.substring 12 2 nixpkgs.lastModifiedDate} --
|
|
tar cfz $out/stable/${nixpkgs.rev}.tar.gz $dir --hard-dereference
|
|
|
|
echo 'Redirect "/latest.tar.gz" "/stable/${nixpkgs.rev}.tar.gz"' > $out/.htaccess
|
|
|
|
echo 'Header set Link "<http://localhost/stable/${nixpkgs.rev}.tar.gz?rev=${nixpkgs.rev}&revCount=1234>; rel=\"immutable\""' > $out/stable/.htaccess
|
|
'';
|
|
in
|
|
|
|
{
|
|
name = "tarball-flakes";
|
|
|
|
nodes =
|
|
{
|
|
machine =
|
|
{ config, pkgs, ... }:
|
|
{ networking.firewall.allowedTCPPorts = [ 80 ];
|
|
|
|
services.httpd.enable = true;
|
|
services.httpd.adminAddr = "foo@example.org";
|
|
services.httpd.extraConfig = ''
|
|
ErrorLog syslog:local6
|
|
'';
|
|
services.httpd.virtualHosts."localhost" =
|
|
{ servedDirs =
|
|
[ { urlPath = "/";
|
|
dir = root;
|
|
}
|
|
];
|
|
};
|
|
|
|
virtualisation.writableStore = true;
|
|
virtualisation.diskSize = 2048;
|
|
virtualisation.additionalPaths = [ pkgs.hello pkgs.fuse ];
|
|
virtualisation.memorySize = 4096;
|
|
nix.settings.substituters = lib.mkForce [ ];
|
|
nix.extraOptions = "experimental-features = nix-command flakes";
|
|
};
|
|
};
|
|
|
|
testScript = { nodes }: ''
|
|
# fmt: off
|
|
import json
|
|
|
|
start_all()
|
|
|
|
machine.wait_for_unit("httpd.service")
|
|
|
|
out = machine.succeed("nix flake metadata --json http://localhost/latest.tar.gz")
|
|
print(out)
|
|
info = json.loads(out)
|
|
|
|
# Check that we got redirected to the immutable URL.
|
|
assert info["locked"]["url"] == "http://localhost/stable/${nixpkgs.rev}.tar.gz"
|
|
|
|
# Check that we got the rev and revCount attributes.
|
|
assert info["revision"] == "${nixpkgs.rev}"
|
|
assert info["revCount"] == 1234
|
|
|
|
# Check that fetching with rev/revCount/narHash succeeds.
|
|
machine.succeed("nix flake metadata --json http://localhost/latest.tar.gz?rev=" + info["revision"])
|
|
machine.succeed("nix flake metadata --json http://localhost/latest.tar.gz?revCount=" + str(info["revCount"]))
|
|
machine.succeed("nix flake metadata --json http://localhost/latest.tar.gz?narHash=" + info["locked"]["narHash"])
|
|
|
|
# Check that fetching fails if we provide incorrect attributes.
|
|
machine.fail("nix flake metadata --json http://localhost/latest.tar.gz?rev=493300eb13ae6fb387fbd47bf54a85915acc31c0")
|
|
machine.fail("nix flake metadata --json http://localhost/latest.tar.gz?revCount=789")
|
|
machine.fail("nix flake metadata --json http://localhost/latest.tar.gz?narHash=sha256-tbudgBSg+bHWHiHnlteNzN8TUvI80ygS9IULh4rklEw=")
|
|
'';
|
|
|
|
}
|