From b80c9ce4a962661f5589092f618ca8ae70f56a1e Mon Sep 17 00:00:00 2001 From: Graham Christensen Date: Tue, 18 Sep 2018 09:30:59 -0400 Subject: stdenv: Validate meta.outputsToInstall MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If meta.outputsToInstall is set to include absent outputs, various tools break including channel updates and nix-env. grahamc@Morbo> nix-env -i -f . -A elf-header-real installing 'elf-header' error: this derivation has bad 'meta.outputsToInstall' This patch verifies each value in meta.outputsToInstall is a valid output. It validates this condition only if checkMeta is true. grahamc@Morbo> nix-build . -A elf-header-real error: Package ‘elf-header’ in /home/grahamc/projects/nixpkgs/pkgs/development/libraries/elf-header/default.nix:36 has invalid meta.outputsToInstall, refusing to evaluate. The package elf-header has set meta.outputsToInstall to: bin however elf-header only has the outputs: out and is missing the following ouputs: - bin (use '--show-trace' to show detailed location information) Note, now the nix-env experience is decidedly worse for users who have checkMeta set to true: grahamc@Morbo> nix-env -i -f . -A elf-header-real; echo $? 0 though since this is already an issue for unfree, broken, unsupported, and insecure validity problems I'm not sure we should do something different here. --- pkgs/stdenv/generic/check-meta.nix | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'pkgs/stdenv/generic') diff --git a/pkgs/stdenv/generic/check-meta.nix b/pkgs/stdenv/generic/check-meta.nix index a5c8ca705231..28b69f5c2dc9 100644 --- a/pkgs/stdenv/generic/check-meta.nix +++ b/pkgs/stdenv/generic/check-meta.nix @@ -81,6 +81,7 @@ let unsupported = remediate_whitelist "UnsupportedSystem"; blacklisted = x: ""; insecure = remediate_insecure; + broken-outputs = remediateOutputsToInstall; unknown-meta = x: ""; }; remediate_whitelist = allow_attr: attrs: @@ -125,6 +126,20 @@ let ''; + remediateOutputsToInstall = attrs: let + expectedOutputs = attrs.meta.outputsToInstall or []; + actualOutputs = attrs.outputs or [ "out" ]; + missingOutputs = builtins.filter (output: ! builtins.elem output actualOutputs) expectedOutputs; + in '' + The package ${attrs.name} has set meta.outputsToInstall to: ${builtins.concatStringsSep ", " expectedOutputs} + + however ${attrs.name} only has the outputs: ${builtins.concatStringsSep ", " actualOutputs} + + and is missing the following ouputs: + + ${lib.concatStrings (builtins.map (output: " - ${output}\n") missingOutputs)} + ''; + handleEvalIssue = attrs: { reason , errormsg ? "" }: let msg = '' @@ -185,6 +200,14 @@ let in anyMatch (attrs.meta.platforms or lib.platforms.all) && ! anyMatch (attrs.meta.badPlatforms or []); + checkOutputsToInstall = attrs: let + expectedOutputs = attrs.meta.outputsToInstall or []; + actualOutputs = attrs.outputs or [ "out" ]; + missingOutputs = builtins.filter (output: ! builtins.elem output actualOutputs) expectedOutputs; + in if shouldCheckMeta + then builtins.length missingOutputs > 0 + else false; + # Check if a derivation is valid, that is whether it passes checks for # e.g brokenness or license. # @@ -202,6 +225,8 @@ let { valid = false; reason = "unsupported"; errormsg = "is not supported on ‘${hostPlatform.config}’"; } else if !(hasAllowedInsecure attrs) then { valid = false; reason = "insecure"; errormsg = "is marked as insecure"; } + else if checkOutputsToInstall attrs then + { valid = false; reason = "broken-outputs"; errormsg = "has invalid meta.outputsToInstall"; } else let res = checkMeta (attrs.meta or {}); in if res != [] then { valid = false; reason = "unknown-meta"; errormsg = "has an invalid meta attrset:${lib.concatMapStrings (x: "\n\t - " + x) res}"; } else { valid = true; }; -- cgit 1.4.1 From 2111e7b742aa0121a7b3b14738811ad030a6c321 Mon Sep 17 00:00:00 2001 From: John Ericson Date: Tue, 18 Sep 2018 15:35:11 -0400 Subject: mkDerivation: Make `separateDebugInfo` assertion lazier to match other assertions This is needed to access attributes of derivations on platforms where they cannot be built. --- pkgs/development/libraries/glibc/default.nix | 3 +-- pkgs/stdenv/generic/make-derivation.nix | 6 ++---- 2 files changed, 3 insertions(+), 6 deletions(-) (limited to 'pkgs/stdenv/generic') diff --git a/pkgs/development/libraries/glibc/default.nix b/pkgs/development/libraries/glibc/default.nix index c74c27598ee0..8b17ff9e5585 100644 --- a/pkgs/development/libraries/glibc/default.nix +++ b/pkgs/development/libraries/glibc/default.nix @@ -94,8 +94,7 @@ callPackage ./common.nix { inherit stdenv; } { mv $bin/bin/getconf_ $bin/bin/getconf ''; - # Hack to get around eval issue. - separateDebugInfo = !stdenv.isDarwin; + separateDebugInfo = true; meta.description = "The GNU C Library"; } diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix index e1ce3200e8c9..c663c3743ed6 100644 --- a/pkgs/stdenv/generic/make-derivation.nix +++ b/pkgs/stdenv/generic/make-derivation.nix @@ -83,9 +83,7 @@ rec { doCheck' = doCheck && stdenv.hostPlatform == stdenv.buildPlatform; doInstallCheck' = doInstallCheck && stdenv.hostPlatform == stdenv.buildPlatform; - outputs' = - outputs ++ - (if separateDebugInfo then assert stdenv.hostPlatform.isLinux; [ "debug" ] else []); + outputs' = outputs ++ lib.optional separateDebugInfo "debug"; fixedOutputDrv = attrs ? outputHash; noNonNativeDeps = builtins.length (depsBuildTarget ++ depsBuildTargetPropagated @@ -176,7 +174,7 @@ rec { // { # A hack to make `nix-env -qa` and `nix search` ignore broken packages. # TODO(@oxij): remove this assert when something like NixOS/nix#1771 gets merged into nix. - name = assert validity.handled; name + lib.optionalString + name = assert validity.handled && (separateDebugInfo -> stdenv.hostPlatform.isLinux); name + lib.optionalString # Fixed-output derivations like source tarballs shouldn't get a host # suffix. But we have some weird ones with run-time deps that are # just used for their side-affects. Those might as well since the -- cgit 1.4.1