Merge pull request #166383 from hercules-ci/always-sanitize-derivation-name

Always sanitize derivation name
2 years ago · 559ac3c9e7
parent f1aa084baa fffabe7500
commit 559ac3c9e7
6 changed files with 22 additions and 8 deletions
--- a/lib/strings.nix
+++ b/lib/strings.nix
@ -756,7 +756,14 @@ rec {
       sanitizeDerivationName pkgs.hello
       => "-nix-store-2g75chlbpxlrqn15zlby2dfh8hr9qwbk-hello-2.10"
  */
-  sanitizeDerivationName = string: lib.pipe string [
+  sanitizeDerivationName =
+  let okRegex = match "[[:alnum:]+_?=-][[:alnum:]+._?=-]*";
+  in
+  string:
+  # First detect the common case of already valid strings, to speed those up
+  if stringLength string <= 207 && okRegex string != null
+  then unsafeDiscardStringContext string
+  else lib.pipe string [
    # Get rid of string context. This is safe under the assumption that the
    # resulting string is only used as a derivation name
    unsafeDiscardStringContext
--- a/lib/tests/misc.nix
+++ b/lib/tests/misc.nix
@ -649,6 +649,11 @@ runTests {
    expected = "foo";
  };

+  testSanitizeDerivationNameUnicode = testSanitizeDerivationName {
+    name = "fö";
+    expected = "f-";
+  };
+
  testSanitizeDerivationNameAscii = testSanitizeDerivationName {
    name = " !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~";
    expected = "-+--.-0123456789-=-?-ABCDEFGHIJKLMNOPQRSTUVWXYZ-_-abcdefghijklmnopqrstuvwxyz-";
--- a/nixos/tests/nixops/default.nix
+++ b/nixos/tests/nixops/default.nix
@ -97,7 +97,7 @@ let
    derivations and all build dependency outputs, all the way down.
  */
  allDrvOutputs = pkg:
-    let name = lib.strings.sanitizeDerivationName "allDrvOutputs-${pkg.pname or pkg.name or "unknown"}";
+    let name = "allDrvOutputs-${pkg.pname or pkg.name or "unknown"}";
    in
    pkgs.runCommand name { refs = pkgs.writeReferencesToFile pkg.drvPath; } ''
      touch $out
--- a/pkgs/build-support/test-equal-derivation.nix
+++ b/pkgs/build-support/test-equal-derivation.nix
@ -23,7 +23,7 @@ let
  drvB = builtins.unsafeDiscardOutputDependency b.drvPath or (throw "testEqualDerivation third argument must be a package");
  name =
    if a?name
-    then lib.strings.sanitizeDerivationName "testEqualDerivation-${a.name}"
+    then "testEqualDerivation-${a.name}"
    else "testEqualDerivation";
 in
 if drvA == drvB then
--- a/pkgs/build-support/trivial-builders.nix
+++ b/pkgs/build-support/trivial-builders.nix
@ -70,8 +70,7 @@ rec {
    # name of the resulting derivation
    }: buildCommand:
    stdenv.mkDerivation ({
-      name = lib.strings.sanitizeDerivationName name;
-      inherit buildCommand;
+      inherit buildCommand name;
      passAsFile = [ "buildCommand" ]
        ++ (derivationArgs.passAsFile or []);
    }
--- a/pkgs/stdenv/generic/make-derivation.nix
+++ b/pkgs/stdenv/generic/make-derivation.nix
@ -219,9 +219,11 @@ else let
          # it again.
          staticMarker = lib.optionalString stdenv.hostPlatform.isStatic "-static";
        in
+        lib.strings.sanitizeDerivationName (
          if attrs ? name
          then attrs.name + hostSuffix
-          else "${attrs.pname}${staticMarker}${hostSuffix}-${attrs.version}";
+          else "${attrs.pname}${staticMarker}${hostSuffix}-${attrs.version}"
+        );
    }) // {
      builder = attrs.realBuilder or stdenv.shell;
      args = attrs.args or ["-e" (attrs.builder or ./default-builder.sh)];
@ -340,8 +342,9 @@ else let
  # passed to the builder and is not a dependency.  But since we
  # include it in the result, it *is* available to nix-env for queries.
  meta = {
-      # `name` above includes cross-compilation cruft (and is under assert),
-      # lets have a clean always accessible version here.
+      # `name` above includes cross-compilation cruft,
+      # is under assert, and is sanitized.
+      # Let's have a clean always accessible version here.
      name = attrs.name or "${attrs.pname}-${attrs.version}";

      # If the packager hasn't specified `outputsToInstall`, choose a default,