+27

nixos/modules/system/activation/test.nix

··· 1 1 + { lib 2 2 + , nixos 3 3 + , expect 4 4 + , testers 5 5 + }: 6 6 + let 7 7 + node-forbiddenDependencies-fail = nixos ({ ... }: { 8 8 + system.forbiddenDependenciesRegex = "-dev$"; 9 9 + environment.etc."dev-dependency" = { 10 10 + text = "${expect.dev}"; 11 11 + }; 12 12 + documentation.enable = false; 13 13 + fileSystems."/".device = "ignore-root-device"; 14 14 + boot.loader.grub.enable = false; 15 15 + }); 16 16 + node-forbiddenDependencies-succeed = nixos ({ ... }: { 17 17 + system.forbiddenDependenciesRegex = "-dev$"; 18 18 + system.extraDependencies = [ expect.dev ]; 19 19 + documentation.enable = false; 20 20 + fileSystems."/".device = "ignore-root-device"; 21 21 + boot.loader.grub.enable = false; 22 22 + }); 23 23 + in 24 24 + lib.recurseIntoAttrs { 25 25 + test-forbiddenDependencies-fail = testers.testBuildFailure node-forbiddenDependencies-fail.config.system.build.toplevel; 26 26 + test-forbiddenDependencies-succeed = node-forbiddenDependencies-succeed.config.system.build.toplevel; 27 27 + }

+31 -1

nixos/modules/system/activation/top-level.nix

··· 77 77 78 78 ${config.system.systemBuilderCommands} 79 79 80 80 - echo -n "${toString config.system.extraDependencies}" > $out/extra-dependencies 80 80 + echo -n "$extraDependencies" > $out/extra-dependencies 81 81 82 82 ${config.system.extraSystemBuilderCmds} 83 83 ''; ··· 104 104 activationScript = config.system.activationScripts.script; 105 105 dryActivationScript = config.system.dryActivationScript; 106 106 nixosLabel = config.system.nixos.label; 107 107 + 108 108 + inherit (config.system) extraDependencies; 107 109 108 110 # Needed by switch-to-configuration. 109 111 perl = pkgs.perl.withPackages (p: with p; [ ConfigIniFiles FileSlurp ]); ··· 223 225 ''; 224 226 }; 225 227 228 228 + system.forbiddenDependenciesRegex = mkOption { 229 229 + default = ""; 230 230 + example = "-dev$"; 231 231 + type = types.str; 232 232 + description = lib.mdDoc '' 233 233 + A POSIX Extended Regular Expression that matches store paths that 234 234 + should not appear in the system closure, with the exception of {option}`system.extraDependencies`, which is not checked. 235 235 + ''; 236 236 + }; 237 237 + 226 238 system.extraSystemBuilderCmds = mkOption { 227 239 type = types.lines; 228 240 internal = true; ··· 298 310 config.system.copySystemConfiguration 299 311 ''ln -s '${import ../../../lib/from-env.nix "NIXOS_CONFIG" <nixos-config>}' \ 300 312 "$out/configuration.nix" 313 313 + '' + 314 314 + optionalString 315 315 + (config.system.forbiddenDependenciesRegex != "") 316 316 + '' 317 317 + if [[ $forbiddenDependenciesRegex != "" && -n $closureInfo ]]; then 318 318 + if forbiddenPaths="$(grep -E -- "$forbiddenDependenciesRegex" $closureInfo/store-paths)"; then 319 319 + echo -e "System closure $out contains the following disallowed paths:\n$forbiddenPaths" 320 320 + exit 1 321 321 + fi 322 322 + fi 301 323 ''; 324 324 + 325 325 + system.systemBuilderArgs = lib.optionalAttrs (config.system.forbiddenDependenciesRegex != "") { 326 326 + inherit (config.system) forbiddenDependenciesRegex; 327 327 + closureInfo = pkgs.closureInfo { rootPaths = [ 328 328 + # override to avoid infinite recursion (and to allow using extraDependencies to add forbidden dependencies) 329 329 + (config.system.build.toplevel.overrideAttrs (_: { extraDependencies = []; closureInfo = null; })) 330 330 + ]; }; 331 331 + }; 302 332 303 333 system.build.toplevel = system; 304 334

+1

nixos/tests/all-tests.nix

··· 193 193 ergo = handleTest ./ergo.nix {}; 194 194 ergochat = handleTest ./ergochat.nix {}; 195 195 etc = pkgs.callPackage ../modules/system/etc/test.nix { inherit evalMinimalConfig; }; 196 196 + activation = pkgs.callPackage ../modules/system/activation/test.nix { }; 196 197 etcd = handleTestOn ["x86_64-linux"] ./etcd.nix {}; 197 198 etcd-cluster = handleTestOn ["x86_64-linux"] ./etcd-cluster.nix {}; 198 199 etebase-server = handleTest ./etebase-server.nix {};