noBrokenSymlinks: check for unreadable symlinks #380683
Conversation
|
I haven't tested this locally yet because it wants to Rebuild The Everything (well, it is a stdenv change) and I don't have that much free space. |
Rhys-T
force-pushed
the
fix-no-broken-symlinks-hook
branch
from
5fd24fd to
42b0ac3
Compare
|
Hang on, that was the wrong branch, and now I've messed something up on my local repo. (I don't do rebases often enough.) Give me a sec, I'll fix it… |
Rhys-T
force-pushed
the
fix-no-broken-symlinks-hook
branch
from
42b0ac3 to
76a3e75
Compare
github-actions
bot
added
6.topic: python
6.topic: qt/kde
6.topic: rust
6.topic: golang
6.topic: ruby
6.topic: vim
6.topic: stdenv
github-actions
bot
removed
6.topic: python
6.topic: qt/kde
6.topic: rust
6.topic: golang
6.topic: ruby
6.topic: vim
6.topic: stdenv
|
Should just need to be moved earlier in the list. |
|
Okay, testing it now. |
|
Okay, I've almost got it. The problem now is the |
| if readlink "$out/unreadable-symlink" >/dev/null 2>&1; then | ||
| nixErrorLog "symlink permissions not supported" | ||
| ${optionalString failIfUnsupported | ||
| # Postpone the failure until after no-broken-symlinks.sh has a chance to print its messages | ||
| "postFixupHooks+=('exit 1')" | ||
| } | ||
| fi |
There was a problem hiding this comment.
Don't try to read the symlink -- the function should just produce one which is unreadable, not try to read it.
There was a problem hiding this comment.
The idea there was to check if I had managed to make it unreadable in the first place - if not, I'm on a platform like Linux that doesn't support permissions for symlinks, and I need to skip this test.
There was a problem hiding this comment.
stdenv.hostPlatform provides booleans like isLinux and isDarwin; I would condition including the check using those rather than having the above in the test.
|
I think the function producing the unreadable symlink needs to be reduce so it does exactly what the name says -- it should only produce the symlink, not try to read it. Broken symlinks are a correctness issue -- it's expected that trying to interact with these broken symlinks should fail, so the tests shouldn't interact with them. The tests only exist to catch and warn about their presence. Disabling the hook is a way of communicating "I know there are correctness issues with the output(s) but I don't care" so I think the behavior of failing when trying to actually interact with the broken symlinks is valid and that we just need to avoid doing so in the tests. |
The function may not be the best place for that, but something in the test needs to see whether it's on a platform that supports symlink permissions in the first place - otherwise the Linux version of the test will "fail to fail properly" because
Trying to make sure I'm understanding correctly: Should I remove the |
See my comment on
The |
Got it. So far it sounds like Darwin and the *BSDs are the ones where I need to worry about symlink permissions, so I'll set it up to run on those for now.
Well, that's the thing: the |
|
Ah, in that case I’d recommends disabling or marking them broken on non-Linux systems. |
|
Is there any point in even having the Also, for the combined Sorry for all the questions - I just really want to make sure I'm doing this right, since I'm changing a fairly major component of Nixpkgs. |
|
No worries! Happy to try to answer them :) To correct something I wrote earlier -- instead of marking a test as broken, we should instead be populating I'd say keep the For the combined tests, rather than adding the unreadable symlink to them, I'd recommend making a new combined test which includes the unreadable symlink and setting Does that help? |
|
I think so, thanks. So to summarize what I'm getting from this:
Does that sound right? |
|
Perfect! And thank you for making the table! Would you mind adding a comment to the test cases similar to what you did in the Action column of your table? |
The stage2 stdenv uses Coreutils 9.4, which doesn't have `chmod -h` yet.
`mkUnreadableSymlink` was exiting before the hook could print its messages, meaning that the combined 'broken' test wasn't getting the symlink counts.
This protects the rest of the standard setup hooks from unreadable and other broken symlinks. (Otherwise, they can choke on the `readlink` step and fail silently before `no-broken-symlinks.sh`` is even reached.)
Some platforms implement permissions for symlinks, while others - including Linux - ignore them. As a result, testing this hook's handling of unreadable symlinks requires careful attention to which kind of platform we're on. See the comments by `meta.badPlatforms` for details.
Rhys-T
force-pushed
the
fix-no-broken-symlinks-hook
branch
from
3c702b8 to
98838cc
Compare
|
Does this look right? I couldn't find any other example of using |
nix-owners
bot
requested review from
emilazy,
reckenrode,
Artturin and
RossComputerGuy
|
(Oops… sorry, I didn't realize it was going to request another batch of reviewers each time I marked it ready.) |
Resolves #380681.
Things done
nix.conf? (See Nix manual)sandbox = relaxedsandbox = truenix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)Add a 👍 reaction to pull requests you find important.