-
-
Notifications
You must be signed in to change notification settings - Fork 1.6k
/
Copy pathgzip-content-encoding.nix
74 lines (65 loc) · 2.33 KB
/
gzip-content-encoding.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# Test that compressed files fetched from server with compressed responses
# do not get excessively decompressed.
# E.g. fetching a zstd compressed tarball from a server,
# which compresses the response with `Content-Encoding: gzip`.
# The expected result is that the fetched file is a zstd archive.
{ lib, config, ... }:
let
pkgs = config.nodes.machine.nixpkgs.pkgs;
ztdCompressedFile = pkgs.stdenv.mkDerivation {
name = "dummy-zstd-compressed-archive";
dontUnpack = true;
nativeBuildInputs = with pkgs; [ zstd ];
buildPhase = ''
mkdir archive
for _ in {1..100}; do echo "lorem" > archive/file1; done
for _ in {1..100}; do echo "ipsum" > archive/file2; done
tar --zstd -cf archive.tar.zst archive
'';
installPhase = ''
install -Dm 644 -T archive.tar.zst $out/share/archive
'';
};
fileCmd = "${pkgs.file}/bin/file";
in
{
name = "gzip-content-encoding";
nodes = {
machine =
{ config, pkgs, ... }:
{
networking.firewall.allowedTCPPorts = [ 80 ];
services.nginx.enable = true;
services.nginx.virtualHosts."localhost" = {
root = "${ztdCompressedFile}/share/";
# Make sure that nginx really tries to compress the
# file on the fly with no regard to size/mime.
# http://nginx.org/en/docs/http/ngx_http_gzip_module.html
extraConfig = ''
gzip on;
gzip_types *;
gzip_proxied any;
gzip_min_length 0;
'';
};
virtualisation.writableStore = true;
virtualisation.additionalPaths = with pkgs; [ file ];
nix.settings.substituters = lib.mkForce [ ];
};
};
# Check that when nix-prefetch-url is used with a zst tarball it does not get decompressed.
testScript =
{ nodes }:
''
# fmt: off
start_all()
machine.wait_for_unit("nginx.service")
machine.succeed("""
# Make sure that the file is properly compressed as the test would be meaningless otherwise
curl --compressed -v http://localhost/archive |& tr -s ' ' |& grep --ignore-case 'content-encoding: gzip'
archive_path=$(nix-prefetch-url http://localhost/archive --print-path | tail -n1)
[[ $(${fileCmd} --brief --mime-type $archive_path) == "application/zstd" ]]
tar --zstd -xf $archive_path
""")
'';
}