-
-
Notifications
You must be signed in to change notification settings - Fork 18.1k
Description
Describe the bug
Fetchers are hard to test because when the output sha is verified, Nix won't download it again.
This leads to confusion and PRs that are effectively untested because the others do not realize that they need to remove the store path before testing.
Examples:
Steps To Reproduce
Steps to reproduce the behavior:
- change a fetcher
- nix-build
- break the fetcher
- nix-build
- "success" but the fetcher is broken
- make a PR
- wasted effort
Expected behavior
The fetcher runs every time. This is expected but not realistic, because Nix can not guess what to re-fetch.
Instead, we can make fetcher testing easier by adding fetcher tests following the pattern:
let
plain = fetchFoo { ... };
computeSaltedHash = salt: runCommand "source" {} ''
cp -r --no-preserve-mode ${plain} src
echo ${salt} >src/fetcher-test-salt
# not sure which command this should be
compute-nar-hash src >$out
'';
fetchWithSaltedHash = salt: plain.override {
postFetch = "echo ${salt} >$out/fetcher-test-salt";
sha256 = builtins.readFile computeSaltedHash; # "import from derivation"
}
in
f {
tests.fetch-salted = fetchWithSaltedHash;
}So this uses IFD which is probably ok for ofborg?
Regarding f; instead of passthru somewhere, we'll have to use __functor to set tests.fetch-salted on the fetchers because they're functions.
The salt may need to be passed externally in case of pure evaluation. We could make it a Nixpkgs config parameter that defaults to builtins.currentTime.
Screenshots
Additional context
Notify maintainers
Metadata
Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.
[user@system:~]$ nix-shell -p nix-info --run "nix-info -m"
output hereMaintainer information:
# a list of nixpkgs attributes affected by the problem
attribute:
- fetchgit
- fetchFromGitHub
- fetchsvn
- dockerTools.pullImage
- fetch*
# a list of nixos modules affected by the problem
module: