Checked maintainers

lib/options.nix

@@ -193,14 +193,7 @@ rec {
        (showOption ["foo" "bar" "baz"]) == "foo.bar.baz"
        (showOption ["foo" "bar.baz" "tux"]) == "foo.\"bar.baz\".tux"
   */
-  showOption = parts: let
-    escapeOptionPart = part:
-      let
-        escaped = lib.strings.escapeNixString part;
-      in if escaped == "\"${part}\""
-         then part
-         else escaped;
-    in (concatStringsSep ".") (map escapeOptionPart parts);
+  showOption = parts: concatMapStringsSep "." escapeNixIdentifier parts;
   showFiles = files: concatStringsSep " and " (map (f: "`${f}'") files);
   unknownModule = "<unknown-file>";
 

lib/strings.nix

@@ -315,6 +315,21 @@ rec {
   */
   escapeNixString = s: escape ["$"] (builtins.toJSON s);
 
+  /* Quotes a string if it can't be used as an identifier directly.
+
+     Type: string -> string
+
+     Example:
+       escapeNixIdentifier "hello"
+       => "hello"
+       escapeNixIdentifier "0abc"
+       => "\"0abc\""
+  */
+  escapeNixIdentifier = s:
+    # Regex from https://github.com/NixOS/nix/blob/d048577909e383439c2549e849c5c2f2016c997e/src/libexpr/lexer.l#L91
+    if builtins.match "[a-zA-Z_][a-zA-Z0-9_'-]*" s != null
+    then s else escapeNixString s;
+
   # Obsolete - use replaceStrings instead.
   replaceChars = builtins.replaceStrings or (
     del: new: s:

lib/tests/maintainers.nix

@@ -0,0 +1,75 @@
+# to run these tests:
+# nix-build nixpkgs/lib/tests/maintainers.nix
+# If nothing is output, all tests passed
+{ pkgs ? import ../.. {} }:
+
+let
+  inherit (pkgs) lib;
+  inherit (lib) types;
+
+  maintainerModule = { config, ... }: {
+    options = {
+      name = lib.mkOption {
+        type = types.str;
+      };
+      email = lib.mkOption {
+        type = types.str;
+      };
+      github = lib.mkOption {
+        type = types.nullOr types.str;
+        default = null;
+      };
+      githubId = lib.mkOption {
+        type = types.nullOr types.ints.unsigned;
+        default = null;
+      };
+      keys = lib.mkOption {
+        type = types.listOf (types.submodule {
+          options.longkeyid = lib.mkOption { type = types.str; };
+          options.fingerprint = lib.mkOption { type = types.str; };
+        });
+        default = [];
+      };
+    };
+  };
+
+  checkMaintainer = handle: uncheckedAttrs:
+  let
+      prefix = [ "lib" "maintainers" handle ];
+      checkedAttrs = (lib.modules.evalModules {
+        inherit prefix;
+        modules = [
+          maintainerModule
+          {
+            _file = toString ../../maintainers/maintainer-list.nix;
+            config = uncheckedAttrs;
+          }
+        ];
+      }).config;
+
+      checkGithubId = lib.optional (checkedAttrs.github != null && checkedAttrs.githubId == null) ''
+        echo ${lib.escapeShellArg (lib.showOption prefix)}': If `github` is specified, `githubId` must be too.'
+        # Calling this too often would hit non-authenticated API limits, but this
+        # shouldn't happen since such errors will get fixed rather quickly
+        info=$(curl -sS https://api.github.com/users/${checkedAttrs.github})
+        id=$(jq -r '.id' <<< "$info")
+        echo "The GitHub ID for GitHub user ${checkedAttrs.github} is $id:"
+        echo -e "    githubId = $id;\n"
+      '';
+    in lib.deepSeq checkedAttrs checkGithubId;
+
+  missingGithubIds = lib.concatLists (lib.mapAttrsToList checkMaintainer lib.maintainers);
+
+  success = pkgs.runCommandNoCC "checked-maintainers-success" {} ">$out";
+
+  failure = pkgs.runCommandNoCC "checked-maintainers-failure" {
+    nativeBuildInputs = [ pkgs.curl pkgs.jq ];
+    outputHash = "sha256:${lib.fakeSha256}";
+    outputHAlgo = "sha256";
+    outputHashMode = "flat";
+    SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+  } ''
+    ${lib.concatStringsSep "\n" missingGithubIds}
+    exit 1
+  '';
+in if missingGithubIds == [] then success else failure

lib/tests/modules.sh

@@ -3,7 +3,10 @@
 # This script is used to test that the module system is working as expected.
 # By default it test the version of nixpkgs which is defined in the NIX_PATH.
 
-cd ./modules
+# https://stackoverflow.com/a/246128/6605742
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+
+cd "$DIR"/modules
 
 pass=0
 fail=0

lib/tests/release.nix

@@ -1,7 +1,7 @@
-{ pkgs ? import ((import ../.).cleanSource ../..) {} }:
+{ pkgs ? import ../.. {} }:
 
 pkgs.runCommandNoCC "nixpkgs-lib-tests" {
-  buildInputs = [ pkgs.nix (import ./check-eval.nix) ];
+  buildInputs = [ pkgs.nix (import ./check-eval.nix) (import ./maintainers.nix { inherit pkgs; }) ];
   NIX_PATH = "nixpkgs=${toString pkgs.path}";
 } ''
     datadir="${pkgs.nix}/share"
@@ -17,8 +17,8 @@ pkgs.runCommandNoCC "nixpkgs-lib-tests" {
     cacheDir=$TEST_ROOT/binary-cache
     nix-store --init
 
-    cd ${pkgs.path}/lib/tests
-    bash ./modules.sh
+    cp -r ${../.} lib
+    bash lib/tests/modules.sh
 
     touch $out
 ''