diff options
| author | Victor Engmark <vengmark@linz.govt.nz> | 2021-11-26 09:53:57 +1300 |
|---|---|---|
| committer | Victor Engmark <vengmark@linz.govt.nz> | 2021-11-26 10:55:14 +1300 |
| commit | 989f034ff1f8f5f3287074d4569cfd199e857ea1 (patch) | |
| tree | f187f091205175eb6763e00a8a560b70ab0f3a8c /lib | |
| parent | bfc580f54fb90295f7375ae166446e334e6ebd17 (diff) | |
lib/tests: Set hardening pragmas
Makes any programming errors more likely to show up early.
Non-obvious changes because of this:
- Ignore the `evalConfig` result in `reportFailure`; we're not checking
it at that point.
- Pre-increment `$fail` and `$pass` to make sure the arithmetic doesn't
result in a zero, which would result in a non-zero exit code for the
expression.
Diffstat (limited to 'lib')
| -rwxr-xr-x | lib/tests/modules.sh | 11 | ||||
| -rwxr-xr-x | lib/tests/sources.sh | 1 |
2 files changed, 8 insertions, 4 deletions
diff --git a/lib/tests/modules.sh b/lib/tests/modules.sh index 67d4e589bdef..de03f7c366a4 100755 --- a/lib/tests/modules.sh +++ b/lib/tests/modules.sh @@ -3,6 +3,9 @@ # This script is used to test that the module system is working as expected. # By default it test the version of nixpkgs which is defined in the NIX_PATH. +set -o errexit -o noclobber -o nounset -o pipefail +shopt -s failglob inherit_errexit + # https://stackoverflow.com/a/246128/6605742 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" @@ -23,15 +26,15 @@ reportFailure() { shift local script="import ./default.nix { modules = [ $* ];}" echo 2>&1 "$ nix-instantiate -E '$script' -A '$attr' --eval-only" - evalConfig "$attr" "$@" - fail=$((fail + 1)) + evalConfig "$attr" "$@" || true + ((++fail)) } checkConfigOutput() { local outputContains=$1 shift if evalConfig "$@" 2>/dev/null | grep --silent "$outputContains" ; then - pass=$((pass + 1)) + ((++pass)) else echo 2>&1 "error: Expected result matching '$outputContains', while evaluating" reportFailure "$@" @@ -47,7 +50,7 @@ checkConfigError() { reportFailure "$@" else if echo "$err" | grep -zP --silent "$errorContains" ; then - pass=$((pass + 1)) + ((++pass)) else echo 2>&1 "error: Expected error matching '$errorContains', while evaluating" reportFailure "$@" diff --git a/lib/tests/sources.sh b/lib/tests/sources.sh index 68d21d2aa6d3..a7f490a79d74 100755 --- a/lib/tests/sources.sh +++ b/lib/tests/sources.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash set -euo pipefail +shopt -s inherit_errexit # Use # || die |