Merge pull request #10931 from hercules-ci/test-run-and-shell-envs

Test the `run` and `shell` envs for stray variables
NixOS · Jul 17, 2024 · 05751de · 05751de
2 parents f0a1c13 + 316b58d
commit 05751de
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 0 deletions.
diff --git a/tests/functional/flakes/run.sh b/tests/functional/flakes/run.sh
@@ -29,5 +29,26 @@ nix run --no-write-lock-file .#pkgAsPkg
 ! nix run --no-write-lock-file .#pkgAsApp || fail "'nix run' shouldn’t accept an 'app' defined under 'packages'"
 ! nix run --no-write-lock-file .#appAsPkg || fail "elements of 'apps' should be of type 'app'"
 
+# Test that we're not setting any more environment variables than necessary.
+# For instance, we might set an environment variable temporarily to affect some
+# initialization or whatnot, but this must not leak into the environment of the
+# command being run.
+env > $TEST_ROOT/expected-env
+nix run -f shell-hello.nix env > $TEST_ROOT/actual-env
+# Remove/reset variables we expect to be different.
+# - PATH is modified by nix shell
+# - _ is set by bash and is expected to differ because it contains the original command
+# - __CF_USER_TEXT_ENCODING is set by macOS and is beyond our control
+sed -i \
+  -e 's/PATH=.*/PATH=.../' \
+  -e 's/_=.*/_=.../' \
+  -e '/^__CF_USER_TEXT_ENCODING=.*$/d' \
+  $TEST_ROOT/expected-env $TEST_ROOT/actual-env
+sort $TEST_ROOT/expected-env | uniq > $TEST_ROOT/expected-env.sorted
+# nix run appears to clear _. I don't understand why. Is this ok?
+echo "_=..." >> $TEST_ROOT/actual-env
+sort $TEST_ROOT/actual-env | uniq > $TEST_ROOT/actual-env.sorted
+diff $TEST_ROOT/expected-env.sorted $TEST_ROOT/actual-env.sorted
+
 clearStore
 
diff --git a/tests/functional/shell-hello.nix b/tests/functional/shell-hello.nix
@@ -55,4 +55,26 @@ rec {
         chmod +x $out/bin/hello
       '';
   };
+
+  # execs env from PATH, so that we can probe the environment
+  # does not allow arguments, because we don't need them
+  env = mkDerivation {
+    name = "env";
+    outputs = [ "out" ];
+    buildCommand =
+      ''
+        mkdir -p $out/bin
+
+        cat > $out/bin/env <<EOF
+        #! ${shell}
+        if [ $# -ne 0 ]; then
+          echo "env: Unexpected arguments ($#): $@" 1>&2
+          exit 1
+        fi
+        exec env
+        EOF
+        chmod +x $out/bin/env
+      '';
+  };
+
 }
diff --git a/tests/functional/shell.sh b/tests/functional/shell.sh
@@ -23,6 +23,25 @@ nix shell -f shell-hello.nix hello-symlink -c hello | grep 'Hello World'
 # Test that symlinks outside of the store don't work.
 expect 1 nix shell -f shell-hello.nix forbidden-symlink -c hello 2>&1 | grepQuiet "is not in the Nix store"
 
+# Test that we're not setting any more environment variables than necessary.
+# For instance, we might set an environment variable temporarily to affect some
+# initialization or whatnot, but this must not leak into the environment of the
+# command being run.
+env > $TEST_ROOT/expected-env
+nix shell -f shell-hello.nix hello -c env > $TEST_ROOT/actual-env
+# Remove/reset variables we expect to be different.
+# - PATH is modified by nix shell
+# - _ is set by bash and is expectedf to differ because it contains the original command
+# - __CF_USER_TEXT_ENCODING is set by macOS and is beyond our control
+sed -i \
+  -e 's/PATH=.*/PATH=.../' \
+  -e 's/_=.*/_=.../' \
+  -e '/^__CF_USER_TEXT_ENCODING=.*$/d' \
+  $TEST_ROOT/expected-env $TEST_ROOT/actual-env
+sort $TEST_ROOT/expected-env > $TEST_ROOT/expected-env.sorted
+sort $TEST_ROOT/actual-env > $TEST_ROOT/actual-env.sorted
+diff $TEST_ROOT/expected-env.sorted $TEST_ROOT/actual-env.sorted
+
 if isDaemonNewer "2.20.0pre20231220"; then
     # Test that command line attribute ordering is reflected in the PATH
     # https://github.com/NixOS/nix/issues/7905