Skip to content

Commit

Permalink
nix shell: Test that store paths cannot link outside of the store
Browse files Browse the repository at this point in the history
  • Loading branch information
edolstra committed Apr 11, 2024
1 parent 9d50f57 commit 26a4688
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 0 deletions.
8 changes: 8 additions & 0 deletions tests/functional/shell-hello.nix
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,14 @@ rec {
'';
};

forbidden-symlink = mkDerivation {
name = "forbidden-symlink";
buildCommand =
''
ln -s /tmp/foo/bar $out
'';
};

salve-mundi = mkDerivation {
name = "salve-mundi";
outputs = [ "out" ];
Expand Down
3 changes: 3 additions & 0 deletions tests/functional/shell.sh
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,9 @@ nix shell -f shell-hello.nix 'hello^*' -c hello2 | grep 'Hello2'
# Test output paths that are a symlink.
nix shell -f shell-hello.nix hello-symlink -c hello | grep 'Hello World'

# Test that symlinks outside of the store don't work.
expect 1 nix shell -f shell-hello.nix forbidden-symlink -c hello 2>&1 | grepQuiet "is not in the Nix store"

if isDaemonNewer "2.20.0pre20231220"; then
# Test that command line attribute ordering is reflected in the PATH
# https://github.com/NixOS/nix/issues/7905
Expand Down

0 comments on commit 26a4688

Please sign in to comment.