diff options
| author | Alyssa Ross <hi@alyssa.is> | 2022-03-15 10:36:38 +0000 |
|---|---|---|
| committer | Alyssa Ross <hi@alyssa.is> | 2022-03-16 11:37:19 +0000 |
| commit | d435710923ac6e6f9fc155534800745004f2ce93 (patch) | |
| tree | 386f9401476f96bdc6ec25173a090198942b5d5b /nixpkgs/nixos/tests | |
| parent | c725f0011e91ae49d351b981690eb66b862b6104 (diff) | |
| parent | 3239fd2b8f728106491154b44625662e10259af2 (diff) | |
| download | nixlib-d435710923ac6e6f9fc155534800745004f2ce93.tar nixlib-d435710923ac6e6f9fc155534800745004f2ce93.tar.gz nixlib-d435710923ac6e6f9fc155534800745004f2ce93.tar.bz2 nixlib-d435710923ac6e6f9fc155534800745004f2ce93.tar.lz nixlib-d435710923ac6e6f9fc155534800745004f2ce93.tar.xz nixlib-d435710923ac6e6f9fc155534800745004f2ce93.tar.zst nixlib-d435710923ac6e6f9fc155534800745004f2ce93.zip | |
Merge commit '3239fd2b8f728106491154b44625662e10259af2'
Conflicts: nixpkgs/pkgs/applications/window-managers/sway/default.nix
Diffstat (limited to 'nixpkgs/nixos/tests')
38 files changed, 1167 insertions, 332 deletions
diff --git a/nixpkgs/nixos/tests/all-tests.nix b/nixpkgs/nixos/tests/all-tests.nix index 515a3c7208ce..001518d02cba 100644 --- a/nixpkgs/nixos/tests/all-tests.nix +++ b/nixpkgs/nixos/tests/all-tests.nix @@ -189,9 +189,9 @@ in grocy = handleTest ./grocy.nix {}; grub = handleTest ./grub.nix {}; gvisor = handleTest ./gvisor.nix {}; - hadoop.all = handleTestOn [ "x86_64-linux" ] ./hadoop/hadoop.nix {}; - hadoop.hdfs = handleTestOn [ "x86_64-linux" ] ./hadoop/hdfs.nix {}; - hadoop.yarn = handleTestOn [ "x86_64-linux" ] ./hadoop/yarn.nix {}; + hadoop.all = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./hadoop/hadoop.nix {}; + hadoop.hdfs = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./hadoop/hdfs.nix {}; + hadoop.yarn = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./hadoop/yarn.nix {}; haka = handleTest ./haka.nix {}; haproxy = handleTest ./haproxy.nix {}; hardened = handleTest ./hardened.nix {}; @@ -224,6 +224,7 @@ in initrd-network-ssh = handleTest ./initrd-network-ssh {}; initrdNetwork = handleTest ./initrd-network.nix {}; initrd-secrets = handleTest ./initrd-secrets.nix {}; + input-remapper = handleTest ./input-remapper.nix {}; inspircd = handleTest ./inspircd.nix {}; installer = handleTest ./installer.nix {}; invoiceplane = handleTest ./invoiceplane.nix {}; @@ -270,6 +271,7 @@ in litestream = handleTest ./litestream.nix {}; locate = handleTest ./locate.nix {}; login = handleTest ./login.nix {}; + logrotate = handleTest ./logrotate.nix {}; loki = handleTest ./loki.nix {}; lxd = handleTest ./lxd.nix {}; lxd-image = handleTest ./lxd-image.nix {}; @@ -321,13 +323,13 @@ in mysql-replication = handleTest ./mysql/mysql-replication.nix {}; n8n = handleTest ./n8n.nix {}; nagios = handleTest ./nagios.nix {}; - nano = handleTest ./nano.nix {}; nar-serve = handleTest ./nar-serve.nix {}; nat.firewall = handleTest ./nat.nix { withFirewall = true; }; nat.firewall-conntrack = handleTest ./nat.nix { withFirewall = true; withConntrackHelpers = true; }; nat.standalone = handleTest ./nat.nix { withFirewall = false; }; nats = handleTest ./nats.nix {}; navidrome = handleTest ./navidrome.nix {}; + nbd = handleTest ./nbd.nix {}; ncdns = handleTest ./ncdns.nix {}; ndppd = handleTest ./ndppd.nix {}; nebula = handleTest ./nebula.nix {}; @@ -347,6 +349,7 @@ in nginx = handleTest ./nginx.nix {}; nginx-auth = handleTest ./nginx-auth.nix {}; nginx-etag = handleTest ./nginx-etag.nix {}; + nginx-modsecurity = handleTest ./nginx-modsecurity.nix {}; nginx-pubhtml = handleTest ./nginx-pubhtml.nix {}; nginx-sandbox = handleTestOn ["x86_64-linux"] ./nginx-sandbox.nix {}; nginx-sso = handleTest ./nginx-sso.nix {}; @@ -392,6 +395,8 @@ in pdns-recursor = handleTest ./pdns-recursor.nix {}; peerflix = handleTest ./peerflix.nix {}; peertube = handleTestOn ["x86_64-linux"] ./web-apps/peertube.nix {}; + pgadmin4 = handleTest ./pgadmin4.nix {}; + pgadmin4-standalone = handleTest ./pgadmin4-standalone.nix {}; pgjwt = handleTest ./pgjwt.nix {}; pgmanage = handleTest ./pgmanage.nix {}; php = handleTest ./php {}; @@ -498,6 +503,7 @@ in systemd-boot = handleTest ./systemd-boot.nix {}; systemd-confinement = handleTest ./systemd-confinement.nix {}; systemd-cryptenroll = handleTest ./systemd-cryptenroll.nix {}; + systemd-escaping = handleTest ./systemd-escaping.nix {}; systemd-journal = handleTest ./systemd-journal.nix {}; systemd-machinectl = handleTest ./systemd-machinectl.nix {}; systemd-networkd = handleTest ./systemd-networkd.nix {}; @@ -519,6 +525,7 @@ in tinc = handleTest ./tinc {}; tinydns = handleTest ./tinydns.nix {}; tinywl = handleTest ./tinywl.nix {}; + tomcat = handleTest ./tomcat.nix {}; tor = handleTest ./tor.nix {}; # traefik test relies on docker-containers traefik = handleTestOn ["x86_64-linux"] ./traefik.nix {}; @@ -551,6 +558,7 @@ in vikunja = handleTest ./vikunja.nix {}; virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {}; vscodium = discoverTests (import ./vscodium.nix); + vsftpd = handleTest ./vsftpd.nix {}; wasabibackend = handleTest ./wasabibackend.nix {}; wiki-js = handleTest ./wiki-js.nix {}; wine = handleTest ./wine.nix {}; @@ -569,6 +577,7 @@ in xxh = handleTest ./xxh.nix {}; yabar = handleTest ./yabar.nix {}; yggdrasil = handleTest ./yggdrasil.nix {}; + zammad = handleTest ./zammad.nix {}; zfs = handleTest ./zfs.nix {}; zigbee2mqtt = handleTest ./zigbee2mqtt.nix {}; zoneminder = handleTest ./zoneminder.nix {}; diff --git a/nixpkgs/nixos/tests/bcachefs.nix b/nixpkgs/nixos/tests/bcachefs.nix index 211195586ed9..44997a746879 100644 --- a/nixpkgs/nixos/tests/bcachefs.nix +++ b/nixpkgs/nixos/tests/bcachefs.nix @@ -6,7 +6,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { virtualisation.emptyDiskImages = [ 4096 ]; networking.hostId = "deadbeef"; boot.supportedFilesystems = [ "bcachefs" ]; - environment.systemPackages = with pkgs; [ parted ]; + environment.systemPackages = with pkgs; [ parted keyutils ]; }; testScript = '' @@ -20,10 +20,9 @@ import ./make-test-python.nix ({ pkgs, ... }: { "parted --script /dev/vdb mklabel msdos", "parted --script /dev/vdb -- mkpart primary 1024M 50% mkpart primary 50% -1s", "udevadm settle", - # Due to #32279, we cannot use encryption for this test yet - # "echo password | bcachefs format --encrypted --metadata_replicas 2 --label vtest /dev/vdb1 /dev/vdb2", - # "echo password | bcachefs unlock /dev/vdb1", - "bcachefs format --metadata_replicas 2 --label vtest /dev/vdb1 /dev/vdb2", + "keyctl link @u @s", + "echo password | bcachefs format --encrypted --metadata_replicas 2 --label vtest /dev/vdb1 /dev/vdb2", + "echo password | bcachefs unlock /dev/vdb1", "mount -t bcachefs /dev/vdb1:/dev/vdb2 /tmp/mnt", "udevadm settle", "bcachefs fs usage /tmp/mnt", diff --git a/nixpkgs/nixos/tests/bird.nix b/nixpkgs/nixos/tests/bird.nix index 50d397be14ee..822a7caea9ba 100644 --- a/nixpkgs/nixos/tests/bird.nix +++ b/nixpkgs/nixos/tests/bird.nix @@ -9,7 +9,7 @@ let inherit (import ../lib/testing-python.nix { inherit system pkgs; }) makeTest; inherit (pkgs.lib) optionalString; - hostShared = hostId: { pkgs, ... }: { + makeBird2Host = hostId: { pkgs, ... }: { virtualisation.vlans = [ 1 ]; environment.systemPackages = with pkgs; [ jq ]; @@ -24,105 +24,6 @@ let name = "eth1"; networkConfig.Address = "10.0.0.${hostId}/24"; }; - }; - - birdTest = v4: - let variant = "bird${optionalString (!v4) "6"}"; in - makeTest { - name = variant; - - nodes.host1 = makeBirdHost variant "1"; - nodes.host2 = makeBirdHost variant "2"; - - testScript = makeTestScript variant v4 (!v4); - }; - - bird2Test = makeTest { - name = "bird2"; - - nodes.host1 = makeBird2Host "1"; - nodes.host2 = makeBird2Host "2"; - - testScript = makeTestScript "bird2" true true; - }; - - makeTestScript = variant: v4: v6: '' - start_all() - - host1.wait_for_unit("${variant}.service") - host2.wait_for_unit("${variant}.service") - - ${optionalString v4 '' - with subtest("Waiting for advertised IPv4 routes"): - host1.wait_until_succeeds("ip --json r | jq -e 'map(select(.dst == \"10.10.0.2\")) | any'") - host2.wait_until_succeeds("ip --json r | jq -e 'map(select(.dst == \"10.10.0.1\")) | any'") - ''} - ${optionalString v6 '' - with subtest("Waiting for advertised IPv6 routes"): - host1.wait_until_succeeds("ip --json -6 r | jq -e 'map(select(.dst == \"fdff::2\")) | any'") - host2.wait_until_succeeds("ip --json -6 r | jq -e 'map(select(.dst == \"fdff::1\")) | any'") - ''} - - with subtest("Check fake routes in preCheckConfig do not exists"): - ${optionalString v4 ''host1.fail("ip --json r | jq -e 'map(select(.dst == \"1.2.3.4\")) | any'")''} - ${optionalString v4 ''host2.fail("ip --json r | jq -e 'map(select(.dst == \"1.2.3.4\")) | any'")''} - - ${optionalString v6 ''host1.fail("ip --json -6 r | jq -e 'map(select(.dst == \"fd00::\")) | any'")''} - ${optionalString v6 ''host2.fail("ip --json -6 r | jq -e 'map(select(.dst == \"fd00::\")) | any'")''} - ''; - - makeBirdHost = variant: hostId: { pkgs, ... }: { - imports = [ (hostShared hostId) ]; - - services.${variant} = { - enable = true; - - config = '' - log syslog all; - - debug protocols all; - - router id 10.0.0.${hostId}; - - protocol device { - } - - protocol kernel { - import none; - export all; - } - - protocol static { - include "static.conf"; - } - - protocol ospf { - export all; - area 0 { - interface "eth1" { - hello 5; - wait 5; - }; - }; - } - ''; - - preCheckConfig = - let - route = { bird = "1.2.3.4/32"; bird6 = "fd00::/128"; }.${variant}; - in - ''echo "route ${route} blackhole;" > static.conf''; - }; - - systemd.tmpfiles.rules = - let - route = { bird = "10.10.0.${hostId}/32"; bird6 = "fdff::${hostId}/128"; }.${variant}; - in - [ "f /etc/bird/static.conf - - - - route ${route} blackhole;" ]; - }; - - makeBird2Host = hostId: { pkgs, ... }: { - imports = [ (hostShared hostId) ]; services.bird2 = { enable = true; @@ -198,8 +99,31 @@ let ]; }; in -{ - bird = birdTest true; - bird6 = birdTest false; - bird2 = bird2Test; +makeTest { + name = "bird2"; + + nodes.host1 = makeBird2Host "1"; + nodes.host2 = makeBird2Host "2"; + + testScript = '' + start_all() + + host1.wait_for_unit("bird2.service") + host2.wait_for_unit("bird2.service") + host1.succeed("systemctl reload bird2.service") + + with subtest("Waiting for advertised IPv4 routes"): + host1.wait_until_succeeds("ip --json r | jq -e 'map(select(.dst == \"10.10.0.2\")) | any'") + host2.wait_until_succeeds("ip --json r | jq -e 'map(select(.dst == \"10.10.0.1\")) | any'") + with subtest("Waiting for advertised IPv6 routes"): + host1.wait_until_succeeds("ip --json -6 r | jq -e 'map(select(.dst == \"fdff::2\")) | any'") + host2.wait_until_succeeds("ip --json -6 r | jq -e 'map(select(.dst == \"fdff::1\")) | any'") + + with subtest("Check fake routes in preCheckConfig do not exists"): + host1.fail("ip --json r | jq -e 'map(select(.dst == \"1.2.3.4\")) | any'") + host2.fail("ip --json r | jq -e 'map(select(.dst == \"1.2.3.4\")) | any'") + + host1.fail("ip --json -6 r | jq -e 'map(select(.dst == \"fd00::\")) | any'") + host2.fail("ip --json -6 r | jq -e 'map(select(.dst == \"fd00::\")) | any'") + ''; } diff --git a/nixpkgs/nixos/tests/cntr.nix b/nixpkgs/nixos/tests/cntr.nix index 668470756209..e4e13545b876 100644 --- a/nixpkgs/nixos/tests/cntr.nix +++ b/nixpkgs/nixos/tests/cntr.nix @@ -28,10 +28,16 @@ let testScript = '' start_all() ${backend}.wait_for_unit("${backend}-nginx.service") - result = ${backend}.wait_until_succeeds( - "cntr attach -t ${backend} nginx sh -- -c 'curl localhost | grep Hello'" + ${backend}.wait_for_open_port(8181) + # For some reason, the cntr command hangs when run without the &. + # As such, we have to do some messy things to ensure we check the exitcode and output in a race-condition-safe manner + ${backend}.execute( + "(cntr attach -t ${backend} nginx sh -- -c 'curl localhost | grep Hello' > /tmp/result; echo $? > /tmp/exitcode; touch /tmp/done) &" ) - assert "Hello" in result + + ${backend}.wait_for_file("/tmp/done") + assert "0" == ${backend}.succeed("cat /tmp/exitcode").strip(), "non-zero exit code" + assert "Hello" in ${backend}.succeed("cat /tmp/result"), "no greeting in output" ''; }; @@ -54,7 +60,13 @@ let testScript = '' machine.start() machine.wait_for_unit("container@test.service") - machine.succeed("cntr attach test sh -- -c 'ping -c5 172.16.0.1'") + # I haven't observed the same hanging behaviour in this version as in the OCI version which necessetates this messy invocation, but it's probably better to be safe than sorry and use it here as well + machine.execute( + "(cntr attach test sh -- -c 'ping -c5 172.16.0.1'; echo $? > /tmp/exitcode; touch /tmp/done) &" + ) + + machine.wait_for_file("/tmp/done") + assert "0" == machine.succeed("cat /tmp/exitcode").strip(), "non-zero exit code" ''; }; in { diff --git a/nixpkgs/nixos/tests/empty-file b/nixpkgs/nixos/tests/empty-file new file mode 100644 index 000000000000..e69de29bb2d1 --- /dev/null +++ b/nixpkgs/nixos/tests/empty-file diff --git a/nixpkgs/nixos/tests/home-assistant.nix b/nixpkgs/nixos/tests/home-assistant.nix index 31f8a4bcc198..10f9cb05c9cb 100644 --- a/nixpkgs/nixos/tests/home-assistant.nix +++ b/nixpkgs/nixos/tests/home-assistant.nix @@ -2,8 +2,6 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: let configDir = "/var/lib/foobar"; - mqttUsername = "homeassistant"; - mqttPassword = "secret"; in { name = "home-assistant"; meta.maintainers = lib.teams.home-assistant.members; @@ -11,18 +9,6 @@ in { nodes.hass = { pkgs, ... }: { environment.systemPackages = with pkgs; [ mosquitto ]; - services.mosquitto = { - enable = true; - listeners = [ { - users = { - "${mqttUsername}" = { - acl = [ "readwrite #" ]; - password = mqttPassword; - }; - }; - } ]; - }; - services.postgresql = { enable = true; ensureDatabases = [ "hass" ]; @@ -76,23 +62,6 @@ in { # https://www.home-assistant.io/integrations/frontend/ frontend = {}; - # configure an mqtt broker connection - # https://www.home-assistant.io/integrations/mqtt - mqtt = { - broker = "127.0.0.1"; - username = mqttUsername; - password = mqttPassword; - }; - - # create a mqtt sensor that syncs state with its mqtt topic - # https://www.home-assistant.io/integrations/sensor.mqtt/ - binary_sensor = [ { - platform = "mqtt"; - state_topic = "home-assistant/test"; - payload_on = "let_there_be_light"; - payload_off = "off"; - } ]; - # set up a wake-on-lan switch to test capset capability required # for the ping suid wrapper # https://www.home-assistant.io/integrations/wake_on_lan/ @@ -109,11 +78,9 @@ in { listen_port = 80; }; - # show mqtt interaction in the log # https://www.home-assistant.io/integrations/logger/ logger = { default = "info"; - logs."homeassistant.components.mqtt" = "debug"; }; }; @@ -167,12 +134,6 @@ in { hass.wait_for_open_port(8123) hass.succeed("curl --fail http://localhost:8123/lovelace") - with subtest("Toggle a binary sensor using MQTT"): - hass.wait_for_open_port(1883) - hass.succeed( - "mosquitto_pub -V mqttv5 -t home-assistant/test -u ${mqttUsername} -P '${mqttPassword}' -m let_there_be_light" - ) - with subtest("Check that capabilities are passed for emulated_hue to bind to port 80"): hass.wait_for_open_port(80) hass.succeed("curl --fail http://localhost:80/description.xml") @@ -188,10 +149,6 @@ in { with subtest("Check that no errors were logged"): assert "ERROR" not in output_log - # example line: 2020-06-20 10:01:32 DEBUG (MainThread) [homeassistant.components.mqtt] Received message on home-assistant/test: b'let_there_be_light' - with subtest("Check we received the mosquitto message"): - assert "let_there_be_light" in output_log - with subtest("Check systemd unit hardening"): hass.log(hass.succeed("systemctl cat home-assistant.service")) hass.log(hass.succeed("systemd-analyze security home-assistant.service")) diff --git a/nixpkgs/nixos/tests/input-remapper.nix b/nixpkgs/nixos/tests/input-remapper.nix new file mode 100644 index 000000000000..f692564caa57 --- /dev/null +++ b/nixpkgs/nixos/tests/input-remapper.nix @@ -0,0 +1,52 @@ +import ./make-test-python.nix ({ pkgs, ... }: + + { + name = "input-remapper"; + meta = { + maintainers = with pkgs.lib.maintainers; [ LunNova ]; + }; + + machine = { config, ... }: + let user = config.users.users.sybil; in + { + imports = [ + ./common/user-account.nix + ./common/x11.nix + ]; + + services.xserver.enable = true; + services.input-remapper.enable = true; + users.users.sybil = { isNormalUser = true; group = "wheel"; }; + test-support.displayManager.auto.user = user.name; + # workaround for pkexec not working in the test environment + # Error creating textual authentication agent: + # Error opening current controlling terminal for the process (`/dev/tty'): + # No such device or address + # passwordless pkexec with polkit module also doesn't work + # to allow the program to run, we replace pkexec with sudo + # and turn on passwordless sudo + # this is not correct in general but good enough for this test + security.sudo = { enable = true; wheelNeedsPassword = false; }; + security.wrappers.pkexec = pkgs.lib.mkForce + { + setuid = true; + owner = "root"; + group = "root"; + source = "${pkgs.sudo}/bin/sudo"; + }; + }; + + enableOCR = true; + + testScript = { nodes, ... }: '' + start_all() + machine.wait_for_x() + + machine.succeed("systemctl status input-remapper.service") + machine.execute("su - sybil -c input-remapper-gtk >&2 &") + + machine.wait_for_text("Input Remapper") + machine.wait_for_text("Preset") + machine.wait_for_text("Change Key") + ''; + }) diff --git a/nixpkgs/nixos/tests/installed-tests/appstream-qt.nix b/nixpkgs/nixos/tests/installed-tests/appstream-qt.nix new file mode 100644 index 000000000000..d08187bfe466 --- /dev/null +++ b/nixpkgs/nixos/tests/installed-tests/appstream-qt.nix @@ -0,0 +1,9 @@ +{ pkgs, makeInstalledTest, ... }: + +makeInstalledTest { + tested = pkgs.libsForQt5.appstream-qt; + + testConfig = { + appstream.enable = true; + }; +} diff --git a/nixpkgs/nixos/tests/installed-tests/appstream.nix b/nixpkgs/nixos/tests/installed-tests/appstream.nix new file mode 100644 index 000000000000..f71a095d4452 --- /dev/null +++ b/nixpkgs/nixos/tests/installed-tests/appstream.nix @@ -0,0 +1,9 @@ +{ pkgs, makeInstalledTest, ... }: + +makeInstalledTest { + tested = pkgs.appstream; + + testConfig = { + appstream.enable = true; + }; +} diff --git a/nixpkgs/nixos/tests/installed-tests/default.nix b/nixpkgs/nixos/tests/installed-tests/default.nix index 08785e5e6669..079fd54e71e5 100644 --- a/nixpkgs/nixos/tests/installed-tests/default.nix +++ b/nixpkgs/nixos/tests/installed-tests/default.nix @@ -84,6 +84,8 @@ let in { + appstream = callInstalledTest ./appstream.nix {}; + appstream-qt = callInstalledTest ./appstream-qt.nix {}; colord = callInstalledTest ./colord.nix {}; flatpak = callInstalledTest ./flatpak.nix {}; flatpak-builder = callInstalledTest ./flatpak-builder.nix {}; diff --git a/nixpkgs/nixos/tests/keycloak.nix b/nixpkgs/nixos/tests/keycloak.nix index 1be3fed6acc9..6367ed808e06 100644 --- a/nixpkgs/nixos/tests/keycloak.nix +++ b/nixpkgs/nixos/tests/keycloak.nix @@ -40,7 +40,7 @@ let environment.systemPackages = with pkgs; [ xmlstarlet - libtidy + html-tidy jq ]; }; diff --git a/nixpkgs/nixos/tests/kubernetes/base.nix b/nixpkgs/nixos/tests/kubernetes/base.nix index f0c72084be5c..d4410beb937e 100644 --- a/nixpkgs/nixos/tests/kubernetes/base.nix +++ b/nixpkgs/nixos/tests/kubernetes/base.nix @@ -18,7 +18,7 @@ let ${master.ip} api.${domain} ${concatMapStringsSep "\n" (machineName: "${machines.${machineName}.ip} ${machineName}.${domain}") (attrNames machines)} ''; - kubectl = with pkgs; runCommand "wrap-kubectl" { buildInputs = [ makeWrapper ]; } '' + wrapKubectl = with pkgs; runCommand "wrap-kubectl" { buildInputs = [ makeWrapper ]; } '' mkdir -p $out/bin makeWrapper ${pkgs.kubernetes}/bin/kubectl $out/bin/kubectl --set KUBECONFIG "/etc/kubernetes/cluster-admin.kubeconfig" ''; @@ -48,7 +48,7 @@ let }; }; programs.bash.enableCompletion = true; - environment.systemPackages = [ kubectl ]; + environment.systemPackages = [ wrapKubectl ]; services.flannel.iface = "eth1"; services.kubernetes = { proxy.hostname = "${masterName}.${domain}"; diff --git a/nixpkgs/nixos/tests/kubernetes/rbac.nix b/nixpkgs/nixos/tests/kubernetes/rbac.nix index ca73562256e4..9e73fbbd32a8 100644 --- a/nixpkgs/nixos/tests/kubernetes/rbac.nix +++ b/nixpkgs/nixos/tests/kubernetes/rbac.nix @@ -76,7 +76,7 @@ let }]; }); - kubectl = pkgs.runCommand "copy-kubectl" { buildInputs = [ pkgs.kubernetes ]; } '' + copyKubectl = pkgs.runCommand "copy-kubectl" { } '' mkdir -p $out/bin cp ${pkgs.kubernetes}/bin/kubectl $out/bin/kubectl ''; @@ -84,7 +84,7 @@ let kubectlImage = pkgs.dockerTools.buildImage { name = "kubectl"; tag = "latest"; - contents = [ kubectl pkgs.busybox kubectlPod2 ]; + contents = [ copyKubectl pkgs.busybox kubectlPod2 ]; config.Entrypoint = ["/bin/sh"]; }; diff --git a/nixpkgs/nixos/tests/logrotate.nix b/nixpkgs/nixos/tests/logrotate.nix new file mode 100644 index 000000000000..38da8d535275 --- /dev/null +++ b/nixpkgs/nixos/tests/logrotate.nix @@ -0,0 +1,37 @@ +# Test logrotate service works and is enabled by default + +import ./make-test-python.nix ({ pkgs, ...} : rec { + name = "logrotate"; + meta = with pkgs.lib.maintainers; { + maintainers = [ martinetd ]; + }; + + # default machine + machine = { ... }: { + }; + + testScript = + '' + with subtest("whether logrotate works"): + machine.succeed( + # we must rotate once first to create logrotate stamp + "systemctl start logrotate.service") + # we need to wait for console text once here to + # clear console buffer up to this point for next wait + machine.wait_for_console_text('logrotate.service: Deactivated successfully') + + machine.succeed( + # wtmp is present in default config. + "rm -f /var/log/wtmp*", + # we need to give it at least 1MB + "dd if=/dev/zero of=/var/log/wtmp bs=2M count=1", + + # move into the future and check rotation. + "date -s 'now + 1 month + 1 day'") + machine.wait_for_console_text('logrotate.service: Deactivated successfully') + machine.succeed( + # check rotate worked + "[ -e /var/log/wtmp.1 ]", + ) + ''; +}) diff --git a/nixpkgs/nixos/tests/matrix-appservice-irc.nix b/nixpkgs/nixos/tests/matrix-appservice-irc.nix index e1da410af060..d1c561f95dbf 100644 --- a/nixpkgs/nixos/tests/matrix-appservice-irc.nix +++ b/nixpkgs/nixos/tests/matrix-appservice-irc.nix @@ -1,6 +1,6 @@ import ./make-test-python.nix ({ pkgs, ... }: let - homeserverUrl = "http://homeserver:8448"; + homeserverUrl = "http://homeserver:8008"; in { name = "matrix-appservice-irc"; @@ -14,28 +14,32 @@ import ./make-test-python.nix ({ pkgs, ... }: specialisation.running.configuration = { services.matrix-synapse = { enable = true; - database_type = "sqlite3"; - app_service_config_files = [ "/registration.yml" ]; - - enable_registration = true; - - listeners = [ - # The default but tls=false - { - "bind_address" = ""; - "port" = 8448; - "resources" = [ - { "compress" = true; "names" = [ "client" ]; } - { "compress" = false; "names" = [ "federation" ]; } + settings = { + database.name = "sqlite3"; + app_service_config_files = [ "/registration.yml" ]; + + enable_registration = true; + + listeners = [ { + # The default but tls=false + bind_addresses = [ + "0.0.0.0" ]; - "tls" = false; - "type" = "http"; - "x_forwarded" = false; - } - ]; + port = 8008; + resources = [ { + "compress" = true; + "names" = [ "client" ]; + } { + "compress" = false; + "names" = [ "federation" ]; + } ]; + tls = false; + type = "http"; + } ]; + }; }; - networking.firewall.allowedTCPPorts = [ 8448 ]; + networking.firewall.allowedTCPPorts = [ 8008 ]; }; }; @@ -209,7 +213,7 @@ import ./make-test-python.nix ({ pkgs, ... }: ) homeserver.wait_for_unit("matrix-synapse.service") - homeserver.wait_for_open_port(8448) + homeserver.wait_for_open_port(8008) with subtest("ensure messages can be exchanged"): client.succeed("do_test ${homeserverUrl} >&2") diff --git a/nixpkgs/nixos/tests/matrix-synapse.nix b/nixpkgs/nixos/tests/matrix-synapse.nix index 21e8c24e4713..1ff1e47b2840 100644 --- a/nixpkgs/nixos/tests/matrix-synapse.nix +++ b/nixpkgs/nixos/tests/matrix-synapse.nix @@ -33,6 +33,29 @@ import ./make-test-python.nix ({ pkgs, ... } : let testUser = "alice"; testPassword = "alicealice"; testEmail = "alice@example.com"; + + listeners = [ { + port = 8448; + bind_addresses = [ + "127.0.0.1" + "::1" + ]; + type = "http"; + tls = true; + x_forwarded = false; + resources = [ { + names = [ + "client" + ]; + compress = true; + } { + names = [ + "federation" + ]; + compress = false; + } ]; + } ]; + in { name = "matrix-synapse"; @@ -48,22 +71,24 @@ in { { services.matrix-synapse = { enable = true; - database_type = "psycopg2"; - tls_certificate_path = "${cert}"; - tls_private_key_path = "${key}"; - database_args = { - password = "synapse"; + settings = { + inherit listeners; + database = { + name = "psycopg2"; + args.password = "synapse"; + }; + tls_certificate_path = "${cert}"; + tls_private_key_path = "${key}"; + registration_shared_secret = registrationSharedSecret; + public_baseurl = "https://example.com"; + email = { + smtp_host = mailerDomain; + smtp_port = 25; + require_transport_security = true; + notif_from = "matrix <matrix@${mailerDomain}>"; + app_name = "Matrix"; + }; }; - registration_shared_secret = registrationSharedSecret; - public_baseurl = "https://example.com"; - extraConfig = '' - email: - smtp_host: "${mailerDomain}" - smtp_port: 25 - require_transport_security: true - notif_from: "matrix <matrix@${mailerDomain}>" - app_name: "Matrix" - ''; }; services.postgresql = { enable = true; @@ -165,9 +190,12 @@ in { serversqlite = args: { services.matrix-synapse = { enable = true; - database_type = "sqlite3"; - tls_certificate_path = "${cert}"; - tls_private_key_path = "${key}"; + settings = { + inherit listeners; + database.name = "sqlite3"; + tls_certificate_path = "${cert}"; + tls_private_key_path = "${key}"; + }; }; }; }; diff --git a/nixpkgs/nixos/tests/matrix/mjolnir.nix b/nixpkgs/nixos/tests/matrix/mjolnir.nix index bb55f6f5440b..54094ab9d611 100644 --- a/nixpkgs/nixos/tests/matrix/mjolnir.nix +++ b/nixpkgs/nixos/tests/matrix/mjolnir.nix @@ -38,26 +38,31 @@ import ../make-test-python.nix ( homeserver = { pkgs, ... }: { services.matrix-synapse = { enable = true; - database_type = "sqlite3"; - tls_certificate_path = "${cert}"; - tls_private_key_path = "${key}"; - enable_registration = true; - registration_shared_secret = "supersecret-registration"; - - listeners = [ - # The default but tls=false - { - "bind_address" = ""; - "port" = 8448; - "resources" = [ - { "compress" = true; "names" = [ "client" "webclient" ]; } - { "compress" = false; "names" = [ "federation" ]; } + settings = { + database.name = "sqlite3"; + tls_certificate_path = "${cert}"; + tls_private_key_path = "${key}"; + enable_registration = true; + registration_shared_secret = "supersecret-registration"; + + listeners = [ { + # The default but tls=false + bind_addresses = [ + "0.0.0.0" ]; - "tls" = false; - "type" = "http"; - "x_forwarded" = false; - } - ]; + port = 8448; + resources = [ { + compress = true; + names = [ "client" ]; + } { + compress = false; + names = [ "federation" ]; + } ]; + tls = false; + type = "http"; + x_forwarded = false; + } ]; + }; }; networking.firewall.allowedTCPPorts = [ 8448 ]; diff --git a/nixpkgs/nixos/tests/matrix/pantalaimon.nix b/nixpkgs/nixos/tests/matrix/pantalaimon.nix index fcb9904b2138..1a9894dd2159 100644 --- a/nixpkgs/nixos/tests/matrix/pantalaimon.nix +++ b/nixpkgs/nixos/tests/matrix/pantalaimon.nix @@ -47,9 +47,32 @@ import ../make-test-python.nix ( services.matrix-synapse = { enable = true; - database_type = "sqlite3"; - tls_certificate_path = "${cert}"; - tls_private_key_path = "${key}"; + settings = { + listeners = [ { + port = 8448; + bind_addresses = [ + "127.0.0.1" + "::1" + ]; + type = "http"; + tls = true; + x_forwarded = false; + resources = [ { + names = [ + "client" + ]; + compress = true; + } { + names = [ + "federation" + ]; + compress = false; + } ]; + } ]; + database.name = "sqlite3"; + tls_certificate_path = "${cert}"; + tls_private_key_path = "${key}"; + }; }; }; diff --git a/nixpkgs/nixos/tests/minidlna.nix b/nixpkgs/nixos/tests/minidlna.nix index d852c7f60bc4..104b79078fd5 100644 --- a/nixpkgs/nixos/tests/minidlna.nix +++ b/nixpkgs/nixos/tests/minidlna.nix @@ -33,7 +33,9 @@ import ./make-test-python.nix ({ pkgs, ... }: { server.succeed("mkdir -p /tmp/stuff && chown minidlna: /tmp/stuff") server.wait_for_unit("minidlna") server.wait_for_open_port("8200") - server.succeed("curl --fail http://localhost:8200/") - client.succeed("curl --fail http://server:8200/") + # requests must be made *by IP* to avoid triggering minidlna's + # DNS-rebinding protection + server.succeed("curl --fail http://$(getent ahostsv4 localhost | head -n1 | cut -f 1 -d ' '):8200/") + client.succeed("curl --fail http://$(getent ahostsv4 server | head -n1 | cut -f 1 -d ' '):8200/") ''; }) diff --git a/nixpkgs/nixos/tests/nano.nix b/nixpkgs/nixos/tests/nano.nix deleted file mode 100644 index 6585a6842e85..000000000000 --- a/nixpkgs/nixos/tests/nano.nix +++ /dev/null @@ -1,44 +0,0 @@ -import ./make-test-python.nix ({ pkgs, ...} : { - name = "nano"; - meta = with pkgs.lib.maintainers; { - maintainers = [ nequissimus ]; - }; - - machine = { lib, ... }: { - environment.systemPackages = [ pkgs.nano ]; - }; - - testScript = { ... }: '' - start_all() - - with subtest("Create user and log in"): - machine.wait_for_unit("multi-user.target") - machine.wait_until_succeeds("pgrep -f 'agetty.*tty1'") - machine.succeed("useradd -m alice") - machine.succeed("(echo foobar; echo foobar) | passwd alice") - machine.wait_until_tty_matches(1, "login: ") - machine.send_chars("alice\n") - machine.wait_until_tty_matches(1, "login: alice") - machine.wait_until_succeeds("pgrep login") - machine.wait_until_tty_matches(1, "Password: ") - machine.send_chars("foobar\n") - machine.wait_until_succeeds("pgrep -u alice bash") - machine.screenshot("prompt") - - with subtest("Use nano"): - machine.send_chars("nano /tmp/foo") - machine.send_key("ret") - machine.sleep(2) - machine.send_chars("42") - machine.sleep(1) - machine.send_key("ctrl-x") - machine.sleep(1) - machine.send_key("y") - machine.sleep(1) - machine.screenshot("nano") - machine.sleep(1) - machine.send_key("ret") - machine.wait_for_file("/tmp/foo") - assert "42" in machine.succeed("cat /tmp/foo") - ''; -}) diff --git a/nixpkgs/nixos/tests/nats.nix b/nixpkgs/nixos/tests/nats.nix index bee36f262f4c..c650904e53bf 100644 --- a/nixpkgs/nixos/tests/nats.nix +++ b/nixpkgs/nixos/tests/nats.nix @@ -45,21 +45,19 @@ in import ./make-test-python.nix ({ pkgs, lib, ... }: { "{}" ).format(" ".join(args)) + def parallel(*fns): + from threading import Thread + threads = [ Thread(target=fn) for fn in fns ] + for t in threads: t.start() + for t in threads: t.join() + start_all() server.wait_for_unit("nats.service") - client1.fail("test -f ${file}") - - # Subscribe on topic on client1 and echo messages to file. - client1.execute("({} | tee ${file} &)".format(nats_cmd("sub", "--raw", "${topic}"))) - - # Give client1 some time to subscribe. - client1.execute("sleep 2") - - # Publish message on client2. - client2.execute(nats_cmd("pub", "${topic}", "hello")) - - # Check if message has been received. - client1.succeed("grep -q hello ${file}") + with subtest("pub sub"): + parallel( + lambda: client1.succeed(nats_cmd("sub", "--count", "1", "${topic}")), + lambda: client2.succeed("sleep 2 && {}".format(nats_cmd("pub", "${topic}", "hello"))), + ) ''; }) diff --git a/nixpkgs/nixos/tests/nbd.nix b/nixpkgs/nixos/tests/nbd.nix new file mode 100644 index 000000000000..16255e68e8a1 --- /dev/null +++ b/nixpkgs/nixos/tests/nbd.nix @@ -0,0 +1,87 @@ +import ./make-test-python.nix ({ pkgs, ... }: + let + listenPort = 30123; + testString = "It works!"; + mkCreateSmallFileService = { path, loop ? false }: { + script = '' + ${pkgs.coreutils}/bin/dd if=/dev/zero of=${path} bs=1K count=100 + ${pkgs.lib.optionalString loop + "${pkgs.util-linux}/bin/losetup --find ${path}"} + ''; + serviceConfig = { + Type = "oneshot"; + }; + wantedBy = [ "multi-user.target" ]; + before = [ "nbd-server.service" ]; + }; + in + { + name = "nbd"; + + nodes = { + server = { config, pkgs, ... }: { + # Create some small files of zeros to use as the ndb disks + ## `vault-pub.disk` is accessible from any IP + systemd.services.create-pub-file = + mkCreateSmallFileService { path = "/vault-pub.disk"; }; + ## `vault-priv.disk` is accessible only from localhost. + ## It's also a loopback device to test exporting /dev/... + systemd.services.create-priv-file = + mkCreateSmallFileService { path = "/vault-priv.disk"; loop = true; }; + + # Needed only for nbd-client used in the tests. + environment.systemPackages = [ pkgs.nbd ]; + + # Open the nbd port in the firewall + networking.firewall.allowedTCPPorts = [ listenPort ]; + + # Run the nbd server and expose the small file created above + services.nbd.server = { + enable = true; + exports = { + vault-pub = { + path = "/vault-pub.disk"; + }; + vault-priv = { + path = "/dev/loop0"; + allowAddresses = [ "127.0.0.1" "::1" ]; + }; + }; + listenAddress = "0.0.0.0"; + listenPort = listenPort; + }; + }; + + client = { config, pkgs, ... }: { + programs.nbd.enable = true; + }; + }; + + testScript = '' + testString = "${testString}" + + start_all() + server.wait_for_open_port(${toString listenPort}) + + # Client: Connect to the server, write a small string to the nbd disk, and cleanly disconnect + client.succeed("nbd-client server ${toString listenPort} /dev/nbd0 -name vault-pub -persist") + client.succeed(f"echo '{testString}' | dd of=/dev/nbd0 conv=notrunc") + client.succeed("nbd-client -d /dev/nbd0") + + # Server: Check that the string written by the client is indeed in the file + foundString = server.succeed(f"dd status=none if=/vault-pub.disk count={len(testString)}")[:len(testString)] + if foundString != testString: + raise Exception(f"Read the wrong string from nbd disk. Expected: '{testString}'. Found: '{foundString}'") + + # Client: Fail to connect to the private disk + client.fail("nbd-client server ${toString listenPort} /dev/nbd0 -name vault-priv -persist") + + # Server: Successfully connect to the private disk + server.succeed("nbd-client localhost ${toString listenPort} /dev/nbd0 -name vault-priv -persist") + server.succeed(f"echo '{testString}' | dd of=/dev/nbd0 conv=notrunc") + foundString = server.succeed(f"dd status=none if=/dev/loop0 count={len(testString)}")[:len(testString)] + if foundString != testString: + raise Exception(f"Read the wrong string from nbd disk. Expected: '{testString}'. Found: '{foundString}'") + server.succeed("nbd-client -d /dev/nbd0") + ''; + }) diff --git a/nixpkgs/nixos/tests/networking.nix b/nixpkgs/nixos/tests/networking.nix index 2510937b5dcd..8c9df19f2d58 100644 --- a/nixpkgs/nixos/tests/networking.nix +++ b/nixpkgs/nixos/tests/networking.nix @@ -246,13 +246,13 @@ let networking = { useNetworkd = networkd; useDHCP = false; - bonds.bond = { + bonds.bond0 = { interfaces = [ "eth1" "eth2" ]; - driverOptions.mode = "balance-rr"; + driverOptions.mode = "802.3ad"; }; interfaces.eth1.ipv4.addresses = mkOverride 0 [ ]; interfaces.eth2.ipv4.addresses = mkOverride 0 [ ]; - interfaces.bond.ipv4.addresses = mkOverride 0 + interfaces.bond0.ipv4.addresses = mkOverride 0 [ { inherit address; prefixLength = 30; } ]; }; }; @@ -274,6 +274,10 @@ let client2.wait_until_succeeds("ping -c 2 192.168.1.1") client2.wait_until_succeeds("ping -c 2 192.168.1.2") + + with subtest("Verify bonding mode"): + for client in client1, client2: + client.succeed('grep -q "Bonding Mode: IEEE 802.3ad Dynamic link aggregation" /proc/net/bonding/bond0') ''; }; bridge = let @@ -864,7 +868,7 @@ let print(client.succeed("ip l add name foo type dummy")) print(client.succeed("stat /etc/systemd/network/50-foo.link")) client.succeed("udevadm settle") - assert "mtu 1442" in client.succeed("ip l show dummy0") + assert "mtu 1442" in client.succeed("ip l show dev foo") ''; }; wlanInterface = let diff --git a/nixpkgs/nixos/tests/nginx-modsecurity.nix b/nixpkgs/nixos/tests/nginx-modsecurity.nix new file mode 100644 index 000000000000..8c53c0196d4c --- /dev/null +++ b/nixpkgs/nixos/tests/nginx-modsecurity.nix @@ -0,0 +1,39 @@ +import ./make-test-python.nix ({ pkgs, lib, ... }: { + name = "nginx-modsecurity"; + + machine = { config, lib, pkgs, ... }: { + services.nginx = { + enable = true; + additionalModules = [ pkgs.nginxModules.modsecurity-nginx ]; + virtualHosts.localhost = + let modsecurity_conf = pkgs.writeText "modsecurity.conf" '' + SecRuleEngine On + SecDefaultAction "phase:1,log,auditlog,deny,status:403" + SecDefaultAction "phase:2,log,auditlog,deny,status:403" + SecRule REQUEST_METHOD "HEAD" "id:100, phase:1, block" + SecRule REQUEST_FILENAME "secret.html" "id:101, phase:2, block" + ''; + testroot = pkgs.runCommand "testroot" {} '' + mkdir -p $out + echo "<html><body>Hello World!</body></html>" > $out/index.html + echo "s3cret" > $out/secret.html + ''; + in { + root = testroot; + extraConfig = '' + modsecurity on; + modsecurity_rules_file ${modsecurity_conf}; + ''; + }; + }; + }; + testScript = '' + machine.wait_for_unit("nginx") + + response = machine.wait_until_succeeds("curl -fvvv -s http://127.0.0.1/") + assert "Hello World!" in response + + machine.fail("curl -fvvv -X HEAD -s http://127.0.0.1/") + machine.fail("curl -fvvv -s http://127.0.0.1/secret.html") + ''; +}) diff --git a/nixpkgs/nixos/tests/nixops/default.nix b/nixpkgs/nixos/tests/nixops/default.nix index b25fc95f4b30..f0834c51f0b4 100644 --- a/nixpkgs/nixos/tests/nixops/default.nix +++ b/nixpkgs/nixos/tests/nixops/default.nix @@ -9,7 +9,7 @@ let # - Alternatively, blocked on a NixOps 2 release # https://github.com/NixOS/nixops/issues/1242 # stable = testsLegacyNetwork { nixopsPkg = pkgs.nixops; }; - unstable = testsForPackage { nixopsPkg = pkgs.nixopsUnstable; }; + unstable = testsForPackage { nixopsPkg = pkgs.nixops_unstable; }; # inherit testsForPackage; }; diff --git a/nixpkgs/nixos/tests/pgadmin4-standalone.nix b/nixpkgs/nixos/tests/pgadmin4-standalone.nix new file mode 100644 index 000000000000..442570c5306b --- /dev/null +++ b/nixpkgs/nixos/tests/pgadmin4-standalone.nix @@ -0,0 +1,43 @@ +import ./make-test-python.nix ({ pkgs, lib, ... }: + # This is seperate from pgadmin4 since we don't want both running at once + + { + name = "pgadmin4-standalone"; + meta.maintainers = with lib.maintainers; [ mkg20001 ]; + + nodes.machine = { pkgs, ... }: { + environment.systemPackages = with pkgs; [ + curl + ]; + + services.postgresql = { + enable = true; + + authentication = '' + host all all localhost trust + ''; + + ensureUsers = [ + { + name = "postgres"; + ensurePermissions = { + "DATABASE \"postgres\"" = "ALL PRIVILEGES"; + }; + } + ]; + }; + + services.pgadmin = { + enable = true; + initialEmail = "bruh@localhost.de"; + initialPasswordFile = pkgs.writeText "pw" "bruh2012!"; + }; + }; + + testScript = '' + machine.wait_for_unit("postgresql") + machine.wait_for_unit("pgadmin") + + machine.wait_until_succeeds("curl -s localhost:5050") + ''; + }) diff --git a/nixpkgs/nixos/tests/pgadmin4.nix b/nixpkgs/nixos/tests/pgadmin4.nix new file mode 100644 index 000000000000..658315d3ac0c --- /dev/null +++ b/nixpkgs/nixos/tests/pgadmin4.nix @@ -0,0 +1,142 @@ +import ./make-test-python.nix ({ pkgs, lib, ... }: + + let + pgadmin4SrcDir = "/pgadmin"; + pgadmin4Dir = "/var/lib/pgadmin"; + pgadmin4LogDir = "/var/log/pgadmin"; + + python-with-needed-packages = pkgs.python3.withPackages (ps: with ps; [ + selenium + testtools + testscenarios + flask + flask-babelex + flask-babel + flask-gravatar + flask_login + flask_mail + flask_migrate + flask_sqlalchemy + flask_wtf + flask-compress + passlib + pytz + simplejson + six + sqlparse + wtforms + flask-paranoid + psutil + psycopg2 + python-dateutil + sqlalchemy + itsdangerous + flask-security-too + bcrypt + cryptography + sshtunnel + ldap3 + gssapi + flask-socketio + eventlet + httpagentparser + user-agents + wheel + authlib + qrcode + pillow + pyotp + ]); + in + { + name = "pgadmin4"; + meta.maintainers = with lib.maintainers; [ gador ]; + + nodes.machine = { pkgs, ... }: { + imports = [ ./common/x11.nix ]; + environment.systemPackages = with pkgs; [ + pgadmin4 + postgresql + python-with-needed-packages + chromedriver + chromium + ]; + services.postgresql = { + enable = true; + authentication = '' + host all all localhost trust + ''; + ensureUsers = [ + { + name = "postgres"; + ensurePermissions = { + "DATABASE \"postgres\"" = "ALL PRIVILEGES"; + }; + } + ]; + }; + }; + + testScript = '' + machine.wait_for_unit("postgresql") + + # pgadmin4 needs its data and log directories + machine.succeed( + "mkdir -p ${pgadmin4Dir} \ + && mkdir -p ${pgadmin4LogDir} \ + && mkdir -p ${pgadmin4SrcDir}" + ) + + machine.succeed( + "tar xvzf ${pkgs.pgadmin4.src} -C ${pgadmin4SrcDir}" + ) + + machine.wait_for_file("${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version}/README.md") + + # set paths and config for tests + machine.succeed( + "cd ${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version} \ + && cp -v web/regression/test_config.json.in web/regression/test_config.json \ + && sed -i 's|PostgreSQL 9.4|PostgreSQL|' web/regression/test_config.json \ + && sed -i 's|/opt/PostgreSQL/9.4/bin/|${pkgs.postgresql}/bin|' web/regression/test_config.json \ + && sed -i 's|\"headless_chrome\": false|\"headless_chrome\": true|' web/regression/test_config.json" + ) + + # adapt chrome config to run within a sandbox without GUI + # see https://stackoverflow.com/questions/50642308/webdriverexception-unknown-error-devtoolsactiveport-file-doesnt-exist-while-t#50642913 + # add chrome binary path. use spaces to satisfy python indention (tabs throw an error) + # this works for selenium 3 (currently used), but will need to be updated + # to work with "from selenium.webdriver.chrome.service import Service" in selenium 4 + machine.succeed( + "cd ${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version} \ + && sed -i '\|options.add_argument(\"--disable-infobars\")|a \ \ \ \ \ \ \ \ options.binary_location = \"${pkgs.chromium}/bin/chromium\"' web/regression/runtests.py \ + && sed -i '\|options.add_argument(\"--no-sandbox\")|a \ \ \ \ \ \ \ \ options.add_argument(\"--headless\")' web/regression/runtests.py \ + && sed -i '\|options.add_argument(\"--disable-infobars\")|a \ \ \ \ \ \ \ \ options.add_argument(\"--disable-dev-shm-usage\")' web/regression/runtests.py \ + && sed -i 's|(chrome_options=options)|(executable_path=\"${pkgs.chromedriver}/bin/chromedriver\", chrome_options=options)|' web/regression/runtests.py \ + && sed -i 's|driver_local.maximize_window()||' web/regression/runtests.py" + ) + + # don't bother to test LDAP authentification + with subtest("run browser test"): + machine.succeed( + 'cd ${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version}/web \ + && ${python-with-needed-packages.interpreter} regression/runtests.py --pkg browser --exclude \ + browser.tests.test_ldap_login.LDAPLoginTestCase,browser.tests.test_ldap_login' + ) + + # fontconfig is necessary for chromium to run + # https://github.com/NixOS/nixpkgs/issues/136207 + with subtest("run feature test"): + machine.succeed( + 'cd ${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version}/web \ + && export FONTCONFIG_FILE=${pkgs.makeFontsConf { fontDirectories = [];}} \ + && ${python-with-needed-packages.interpreter} regression/runtests.py --pkg feature_tests' + ) + + with subtest("run resql test"): + machine.succeed( + 'cd ${pgadmin4SrcDir}/pgadmin4-${pkgs.pgadmin4.version}/web \ + && ${python-with-needed-packages.interpreter} regression/runtests.py --pkg resql' + ) + ''; + }) diff --git a/nixpkgs/nixos/tests/podman/default.nix b/nixpkgs/nixos/tests/podman/default.nix index b52a7f060ad6..67c7823c5a31 100644 --- a/nixpkgs/nixos/tests/podman/default.nix +++ b/nixpkgs/nixos/tests/podman/default.nix @@ -126,7 +126,7 @@ import ../make-test-python.nix ( podman.succeed("docker network create default") podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg") podman.succeed( - "docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" + "docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin localhost/scratchimg /bin/sleep 10" ) podman.succeed("docker ps | grep sleeping") podman.succeed("podman ps | grep sleeping") diff --git a/nixpkgs/nixos/tests/podman/tls-ghostunnel.nix b/nixpkgs/nixos/tests/podman/tls-ghostunnel.nix index c0bc47cc40b1..268a55701ccf 100644 --- a/nixpkgs/nixos/tests/podman/tls-ghostunnel.nix +++ b/nixpkgs/nixos/tests/podman/tls-ghostunnel.nix @@ -129,7 +129,7 @@ import ../make-test-python.nix ( podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg") client.succeed( - "docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" + "docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin localhost/scratchimg /bin/sleep 10" ) client.succeed("docker ps | grep sleeping") podman.succeed("docker ps | grep sleeping") diff --git a/nixpkgs/nixos/tests/prometheus-exporters.nix b/nixpkgs/nixos/tests/prometheus-exporters.nix index 323d79c5b86f..ce3b3fbf3bf3 100644 --- a/nixpkgs/nixos/tests/prometheus-exporters.nix +++ b/nixpkgs/nixos/tests/prometheus-exporters.nix @@ -933,6 +933,27 @@ let ''; }; + pve = let + pveExporterEnvFile = pkgs.writeTextFile { + name = "pve.env"; + text = '' + PVE_USER="test_user@pam" + PVE_PASSWORD="hunter3" + PVE_VERIFY_SSL="false" + ''; + }; + in { + exporterConfig = { + enable = true; + environmentFile = pveExporterEnvFile; + }; + exporterTest = '' + wait_for_unit("prometheus-pve-exporter.service") + wait_for_open_port(9221) + wait_until_succeeds("curl localhost:9221") + ''; + }; + py-air-control = { nodeName = "py_air_control"; exporterConfig = { @@ -1156,6 +1177,10 @@ let systemd = { exporterConfig = { enable = true; + + extraFlags = [ + "--collector.enable-restart-count" + ]; }; metricProvider = { }; exporterTest = '' @@ -1166,6 +1191,11 @@ let 'systemd_unit_state{name="basic.target",state="active",type="target"} 1' ) ) + succeed( + "curl -sSf localhost:9558/metrics | grep '{}'".format( + 'systemd_service_restart_total{state="prometheus-systemd-exporter.service"} 0' + ) + ) ''; }; diff --git a/nixpkgs/nixos/tests/shiori.nix b/nixpkgs/nixos/tests/shiori.nix index 418bee43c939..6c59c394009e 100644 --- a/nixpkgs/nixos/tests/shiori.nix +++ b/nixpkgs/nixos/tests/shiori.nix @@ -12,7 +12,6 @@ import ./make-test-python.nix ({ pkgs, lib, ...}: authJSON = pkgs.writeText "auth.json" (builtins.toJSON { username = "shiori"; password = "gopher"; - remember = 1; # hour owner = true; }); diff --git a/nixpkgs/nixos/tests/switch-test.nix b/nixpkgs/nixos/tests/switch-test.nix index 4f297b6521d1..93eee4babc2d 100644 --- a/nixpkgs/nixos/tests/switch-test.nix +++ b/nixpkgs/nixos/tests/switch-test.nix @@ -1,6 +1,46 @@ # Test configuration switching. -import ./make-test-python.nix ({ pkgs, ...} : { +import ./make-test-python.nix ({ pkgs, ...} : let + + # Simple service that can either be socket-activated or that will + # listen on port 1234 if not socket-activated. + # A connection to the socket causes 'hello' to be written to the client. + socketTest = pkgs.writeScript "socket-test.py" /* python */ '' + #!${pkgs.python3}/bin/python3 + + from socketserver import TCPServer, StreamRequestHandler + import socket + import os + + + class Handler(StreamRequestHandler): + def handle(self): + self.wfile.write("hello".encode("utf-8")) + + + class Server(TCPServer): + def __init__(self, server_address, handler_cls): + listenFds = os.getenv('LISTEN_FDS') + if listenFds is None or int(listenFds) < 1: + print(f'Binding to {server_address}') + TCPServer.__init__( + self, server_address, handler_cls, bind_and_activate=True) + else: + TCPServer.__init__( + self, server_address, handler_cls, bind_and_activate=False) + # Override socket + print(f'Got activated by {os.getenv("LISTEN_FDNAMES")} ' + f'with {listenFds} FDs') + self.socket = socket.fromfd(3, self.address_family, + self.socket_type) + + + if __name__ == "__main__": + server = Server(("localhost", 1234), Handler) + server.serve_forever() + ''; + +in { name = "switch-test"; meta = with pkgs.lib.maintainers; { maintainers = [ gleber das_j ]; @@ -8,6 +48,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { nodes = { machine = { pkgs, lib, ... }: { + environment.systemPackages = [ pkgs.socat ]; # for the socket activation stuff users.mutableUsers = false; specialisation = rec { @@ -23,6 +64,11 @@ import ./make-test-python.nix ({ pkgs, ...} : { }; }; + simpleServiceDifferentDescription.configuration = { + imports = [ simpleService.configuration ]; + systemd.services.test.description = "Test unit"; + }; + simpleServiceModified.configuration = { imports = [ simpleService.configuration ]; systemd.services.test.serviceConfig.X-Test = true; @@ -162,6 +208,39 @@ import ./make-test-python.nix ({ pkgs, ...} : { systemd.services."escaped\\x2ddash".serviceConfig.X-Test = "test"; }; + unitWithRequirement.configuration = { + systemd.services.required-service = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = "${pkgs.coreutils}/bin/true"; + ExecReload = "${pkgs.coreutils}/bin/true"; + }; + }; + systemd.services.test-service = { + wantedBy = [ "multi-user.target" ]; + requires = [ "required-service.service" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = "${pkgs.coreutils}/bin/true"; + ExecReload = "${pkgs.coreutils}/bin/true"; + }; + }; + }; + + unitWithRequirementModified.configuration = { + imports = [ unitWithRequirement.configuration ]; + systemd.services.required-service.serviceConfig.X-Test = "test"; + systemd.services.test-service.reloadTriggers = [ "test" ]; + }; + + unitWithRequirementModifiedNostart.configuration = { + imports = [ unitWithRequirement.configuration ]; + systemd.services.test-service.unitConfig.RefuseManualStart = true; + }; + restart-and-reload-by-activation-script.configuration = { systemd.services = rec { simple-service = { @@ -231,6 +310,40 @@ import ./make-test-python.nix ({ pkgs, ...} : { systemd.services.reload-triggers-and-restart.serviceConfig.X-Modified = "test"; }; + simple-socket.configuration = { + systemd.services.socket-activated = { + description = "A socket-activated service"; + stopIfChanged = lib.mkDefault false; + serviceConfig = { + ExecStart = socketTest; + ExecReload = "${pkgs.coreutils}/bin/true"; + }; + }; + systemd.sockets.socket-activated = { + wantedBy = [ "sockets.target" ]; + listenStreams = [ "/run/test.sock" ]; + socketConfig.SocketMode = lib.mkDefault "0777"; + }; + }; + + simple-socket-service-modified.configuration = { + imports = [ simple-socket.configuration ]; + systemd.services.socket-activated.serviceConfig.X-Test = "test"; + }; + + simple-socket-stop-if-changed.configuration = { + imports = [ simple-socket.configuration ]; + systemd.services.socket-activated.stopIfChanged = true; + }; + + simple-socket-stop-if-changed-and-reloadtrigger.configuration = { + imports = [ simple-socket.configuration ]; + systemd.services.socket-activated = { + stopIfChanged = true; + reloadTriggers = [ "test" ]; + }; + }; + mount.configuration = { systemd.mounts = [ { @@ -275,6 +388,31 @@ import ./make-test-python.nix ({ pkgs, ...} : { systemd.timers.test-timer.timerConfig.OnCalendar = lib.mkForce "Fri 2012-11-23 16:00:00"; }; + hybridSleepModified.configuration = { + systemd.targets.hybrid-sleep.unitConfig.X-Test = true; + }; + + target.configuration = { + systemd.targets.test-target.wantedBy = [ "multi-user.target" ]; + # We use this service to figure out whether the target was modified. + # This is the only way because targets are filtered and therefore not + # printed when they are started/stopped. + systemd.services.test-service = { + bindsTo = [ "test-target.target" ]; + serviceConfig.ExecStart = "${pkgs.coreutils}/bin/sleep infinity"; + }; + }; + + targetModified.configuration = { + imports = [ target.configuration ]; + systemd.targets.test-target.unitConfig.X-Test = true; + }; + + targetModifiedStopOnReconfig.configuration = { + imports = [ target.configuration ]; + systemd.targets.test-target.unitConfig.X-StopOnReconfiguration = true; + }; + path.configuration = { systemd.paths.test-watch = { wantedBy = [ "paths.target" ]; @@ -283,6 +421,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { systemd.services.test-watch = { serviceConfig = { Type = "oneshot"; + RemainAfterExit = true; ExecStart = "${pkgs.coreutils}/bin/touch /testpath-modified"; }; }; @@ -377,7 +516,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_lacks(out, "\nrestarting the following units:") assert_lacks(out, "\nstarting the following units:") assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") # Start a simple service out = switch_to_specialisation("${machine}", "simpleService") @@ -387,7 +525,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_lacks(out, "\nrestarting the following units:") assert_lacks(out, "\nstarting the following units:") assert_contains(out, "the following new units were started: test.service\n") - assert_lacks(out, "as well:") # Not changing anything doesn't do anything out = switch_to_specialisation("${machine}", "simpleService") @@ -397,7 +534,15 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_lacks(out, "\nrestarting the following units:") assert_lacks(out, "\nstarting the following units:") assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") + + # Only changing the description does nothing + out = switch_to_specialisation("${machine}", "simpleServiceDifferentDescription") + assert_lacks(out, "stopping the following units:") + assert_lacks(out, "NOT restarting the following changed units:") + assert_lacks(out, "reloading the following units:") + assert_lacks(out, "\nrestarting the following units:") + assert_lacks(out, "\nstarting the following units:") + assert_lacks(out, "the following new units were started:") # Restart the simple service out = switch_to_specialisation("${machine}", "simpleServiceModified") @@ -407,7 +552,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_lacks(out, "\nrestarting the following units:") assert_contains(out, "\nstarting the following units: test.service\n") assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") # Restart the service with stopIfChanged=false out = switch_to_specialisation("${machine}", "simpleServiceNostop") @@ -417,7 +561,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_contains(out, "\nrestarting the following units: test.service\n") assert_lacks(out, "\nstarting the following units:") assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") # Reload the service with reloadIfChanged=true out = switch_to_specialisation("${machine}", "simpleServiceReload") @@ -427,7 +570,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_lacks(out, "\nrestarting the following units:") assert_lacks(out, "\nstarting the following units:") assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") # Nothing happens when restartIfChanged=false out = switch_to_specialisation("${machine}", "simpleServiceNorestart") @@ -437,7 +579,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_lacks(out, "\nrestarting the following units:") assert_lacks(out, "\nstarting the following units:") assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") # Dry mode shows different messages out = switch_to_specialisation("${machine}", "simpleService", action="dry-activate") @@ -447,7 +588,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_lacks(out, "\nrestarting the following units:") assert_lacks(out, "\nstarting the following units:") assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") assert_contains(out, "would start the following units: test.service\n") # Ensure \ works in unit names @@ -458,7 +598,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_lacks(out, "\nrestarting the following units:") assert_lacks(out, "\nstarting the following units:") assert_contains(out, "the following new units were started: escaped\\x2ddash.service\n") - assert_lacks(out, "as well:") out = switch_to_specialisation("${machine}", "unitWithBackslashModified") assert_contains(out, "stopping the following units: escaped\\x2ddash.service\n") @@ -467,7 +606,32 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_lacks(out, "\nrestarting the following units:") assert_contains(out, "\nstarting the following units: escaped\\x2ddash.service\n") assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") + + # Ensure units that require changed units are properly reloaded + out = switch_to_specialisation("${machine}", "unitWithRequirement") + assert_contains(out, "stopping the following units: escaped\\x2ddash.service\n") + assert_lacks(out, "NOT restarting the following changed units:") + assert_lacks(out, "reloading the following units:") + assert_lacks(out, "\nrestarting the following units:") + assert_lacks(out, "\nstarting the following units:") + assert_contains(out, "the following new units were started: required-service.service, test-service.service\n") + + out = switch_to_specialisation("${machine}", "unitWithRequirementModified") + assert_contains(out, "stopping the following units: required-service.service\n") + assert_lacks(out, "NOT restarting the following changed units:") + assert_lacks(out, "reloading the following units:") + assert_lacks(out, "\nrestarting the following units:") + assert_contains(out, "\nstarting the following units: required-service.service, test-service.service\n") + assert_lacks(out, "the following new units were started:") + + # Unless the unit asks to be not restarted + out = switch_to_specialisation("${machine}", "unitWithRequirementModifiedNostart") + assert_contains(out, "stopping the following units: required-service.service\n") + assert_lacks(out, "NOT restarting the following changed units:") + assert_lacks(out, "reloading the following units:") + assert_lacks(out, "\nrestarting the following units:") + assert_contains(out, "\nstarting the following units: required-service.service\n") + assert_lacks(out, "the following new units were started:") with subtest("failing units"): # Let the simple service fail @@ -481,7 +645,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_lacks(out, "the following new units were started:") assert_contains(out, "warning: the following units failed: test.service\n") assert_contains(out, "Main PID:") # output of systemctl - assert_lacks(out, "as well:") # A unit that gets into autorestart without failing is not treated as failed out = switch_to_specialisation("${machine}", "autorestartService") @@ -491,7 +654,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_lacks(out, "\nrestarting the following units:") assert_lacks(out, "\nstarting the following units:") assert_contains(out, "the following new units were started: autorestart.service\n") - assert_lacks(out, "as well:") machine.systemctl('stop autorestart.service') # cancel the 20y timer # Switching to the same system should do nothing (especially not treat the unit as failed) @@ -502,7 +664,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_lacks(out, "\nrestarting the following units:") assert_lacks(out, "\nstarting the following units:") assert_contains(out, "the following new units were started: autorestart.service\n") - assert_lacks(out, "as well:") machine.systemctl('stop autorestart.service') # cancel the 20y timer # If systemd thinks the unit has failed and is in autorestart, we should show it as failed @@ -515,7 +676,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_lacks(out, "the following new units were started:") assert_contains(out, "warning: the following units failed: autorestart.service\n") assert_contains(out, "Main PID:") # output of systemctl - assert_lacks(out, "as well:") with subtest("unit file parser"): # Switch to a well-known state @@ -529,7 +689,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_contains(out, "\nrestarting the following units: test.service\n") assert_lacks(out, "\nstarting the following units:") assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") # Rename it out = switch_to_specialisation("${machine}", "simpleServiceWithExtraSectionOtherName") @@ -539,7 +698,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_contains(out, "\nrestarting the following units: test.service\n") assert_lacks(out, "\nstarting the following units:") assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") # Remove it out = switch_to_specialisation("${machine}", "simpleServiceNostop") @@ -549,7 +707,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_contains(out, "\nrestarting the following units: test.service\n") assert_lacks(out, "\nstarting the following units:") assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") # [Install] section is ignored out = switch_to_specialisation("${machine}", "simpleServiceWithInstallSection") @@ -559,7 +716,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_lacks(out, "\nrestarting the following units:") assert_lacks(out, "\nstarting the following units:") assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") # Add a key out = switch_to_specialisation("${machine}", "simpleServiceWithExtraKey") @@ -569,7 +725,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_contains(out, "\nrestarting the following units: test.service\n") assert_lacks(out, "\nstarting the following units:") assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") # Change its value out = switch_to_specialisation("${machine}", "simpleServiceWithExtraKeyOtherValue") @@ -579,7 +734,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_contains(out, "\nrestarting the following units: test.service\n") assert_lacks(out, "\nstarting the following units:") assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") # Rename it out = switch_to_specialisation("${machine}", "simpleServiceWithExtraKeyOtherName") @@ -589,7 +743,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_contains(out, "\nrestarting the following units: test.service\n") assert_lacks(out, "\nstarting the following units:") assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") # Remove it out = switch_to_specialisation("${machine}", "simpleServiceNostop") @@ -599,7 +752,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_contains(out, "\nrestarting the following units: test.service\n") assert_lacks(out, "\nstarting the following units:") assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") # Add a reload trigger out = switch_to_specialisation("${machine}", "simpleServiceReloadTrigger") @@ -609,7 +761,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_lacks(out, "\nrestarting the following units:") assert_lacks(out, "\nstarting the following units:") assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") # Modify the reload trigger out = switch_to_specialisation("${machine}", "simpleServiceReloadTriggerModified") @@ -619,7 +770,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_lacks(out, "\nrestarting the following units:") assert_lacks(out, "\nstarting the following units:") assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") # Modify the reload trigger and something else out = switch_to_specialisation("${machine}", "simpleServiceReloadTriggerModifiedAndSomethingElse") @@ -629,7 +779,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_contains(out, "\nrestarting the following units: test.service\n") assert_lacks(out, "\nstarting the following units:") assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") # Remove the reload trigger out = switch_to_specialisation("${machine}", "simpleServiceReloadTriggerModifiedSomethingElse") @@ -639,7 +788,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_lacks(out, "\nrestarting the following units:") assert_lacks(out, "\nstarting the following units:") assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") with subtest("restart and reload by activation script"): switch_to_specialisation("${machine}", "simpleServiceNorestart") @@ -649,7 +797,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_lacks(out, "reloading the following units:") assert_lacks(out, "restarting the following units:") assert_contains(out, "\nstarting the following units: no-restart-service.service, reload-triggers-and-restart-by-as.service, simple-reload-service.service, simple-restart-service.service, simple-service.service\n") - assert_lacks(out, "as well:") + assert_contains(out, "the following new units were started: no-restart-service.service, reload-triggers-and-restart-by-as.service, reload-triggers-and-restart.service, reload-triggers.service, simple-reload-service.service, simple-restart-service.service, simple-service.service\n") # Switch to the same system where the example services get restarted # and reloaded by the activation script out = switch_to_specialisation("${machine}", "restart-and-reload-by-activation-script") @@ -658,7 +806,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_contains(out, "reloading the following units: reload-triggers-and-restart.service, reload-triggers.service, simple-reload-service.service\n") assert_contains(out, "restarting the following units: reload-triggers-and-restart-by-as.service, simple-restart-service.service, simple-service.service\n") assert_lacks(out, "\nstarting the following units:") - assert_lacks(out, "as well:") + assert_lacks(out, "the following new units were started:") # Switch to the same system and see if the service gets restarted when it's modified # while the fact that it's supposed to be reloaded by the activation script is ignored. out = switch_to_specialisation("${machine}", "restart-and-reload-by-activation-script-modified") @@ -667,7 +815,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_contains(out, "reloading the following units: reload-triggers.service, simple-reload-service.service\n") assert_contains(out, "restarting the following units: reload-triggers-and-restart-by-as.service, reload-triggers-and-restart.service, simple-restart-service.service, simple-service.service\n") assert_lacks(out, "\nstarting the following units:") - assert_lacks(out, "as well:") + assert_lacks(out, "the following new units were started:") # The same, but in dry mode out = switch_to_specialisation("${machine}", "restart-and-reload-by-activation-script", action="dry-activate") assert_lacks(out, "would stop the following units:") @@ -675,7 +823,71 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_contains(out, "would reload the following units: reload-triggers.service, simple-reload-service.service\n") assert_contains(out, "would restart the following units: reload-triggers-and-restart-by-as.service, reload-triggers-and-restart.service, simple-restart-service.service, simple-service.service\n") assert_lacks(out, "\nwould start the following units:") - assert_lacks(out, "as well:") + + with subtest("socket-activated services"): + # Socket-activated services don't get started, just the socket + machine.fail("[ -S /run/test.sock ]") + out = switch_to_specialisation("${machine}", "simple-socket") + # assert_lacks(out, "stopping the following units:") not relevant + assert_lacks(out, "NOT restarting the following changed units:") + assert_lacks(out, "reloading the following units:") + assert_lacks(out, "\nrestarting the following units:") + assert_lacks(out, "\nstarting the following units:") + assert_contains(out, "the following new units were started: socket-activated.socket\n") + machine.succeed("[ -S /run/test.sock ]") + + # Changing a non-activated service does nothing + out = switch_to_specialisation("${machine}", "simple-socket-service-modified") + assert_lacks(out, "stopping the following units:") + assert_lacks(out, "NOT restarting the following changed units:") + assert_lacks(out, "reloading the following units:") + assert_lacks(out, "\nrestarting the following units:") + assert_lacks(out, "\nstarting the following units:") + assert_lacks(out, "the following new units were started:") + machine.succeed("[ -S /run/test.sock ]") + # The unit is properly activated when the socket is accessed + if machine.succeed("socat - UNIX-CONNECT:/run/test.sock") != "hello": + raise Exception("Socket was not properly activated") # idk how that would happen tbh + + # Changing an activated service with stopIfChanged=false restarts the service + out = switch_to_specialisation("${machine}", "simple-socket") + assert_lacks(out, "stopping the following units:") + assert_lacks(out, "NOT restarting the following changed units:") + assert_lacks(out, "reloading the following units:") + assert_contains(out, "\nrestarting the following units: socket-activated.service\n") + assert_lacks(out, "\nstarting the following units:") + assert_lacks(out, "the following new units were started:") + machine.succeed("[ -S /run/test.sock ]") + # Socket-activation of the unit still works + if machine.succeed("socat - UNIX-CONNECT:/run/test.sock") != "hello": + raise Exception("Socket was not properly activated after the service was restarted") + + # Changing an activated service with stopIfChanged=true stops the service and + # socket and starts the socket + out = switch_to_specialisation("${machine}", "simple-socket-stop-if-changed") + assert_contains(out, "stopping the following units: socket-activated.service, socket-activated.socket\n") + assert_lacks(out, "NOT restarting the following changed units:") + assert_lacks(out, "reloading the following units:") + assert_lacks(out, "\nrestarting the following units:") + assert_contains(out, "\nstarting the following units: socket-activated.socket\n") + assert_lacks(out, "the following new units were started:") + machine.succeed("[ -S /run/test.sock ]") + # Socket-activation of the unit still works + if machine.succeed("socat - UNIX-CONNECT:/run/test.sock") != "hello": + raise Exception("Socket was not properly activated after the service was restarted") + + # Changing a reload trigger of a socket-activated unit only reloads it + out = switch_to_specialisation("${machine}", "simple-socket-stop-if-changed-and-reloadtrigger") + assert_lacks(out, "stopping the following units:") + assert_lacks(out, "NOT restarting the following changed units:") + assert_contains(out, "reloading the following units: socket-activated.service\n") + assert_lacks(out, "\nrestarting the following units:") + assert_lacks(out, "\nstarting the following units: socket-activated.socket") + assert_lacks(out, "the following new units were started:") + machine.succeed("[ -S /run/test.sock ]") + # Socket-activation of the unit still works + if machine.succeed("socat - UNIX-CONNECT:/run/test.sock") != "hello": + raise Exception("Socket was not properly activated after the service was restarted") with subtest("mounts"): switch_to_specialisation("${machine}", "mount") @@ -688,7 +900,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_lacks(out, "\nrestarting the following units:") assert_lacks(out, "\nstarting the following units:") assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") # It changed out = machine.succeed("mount | grep 'on /testmount'") assert_contains(out, "size=10240k") @@ -699,15 +910,64 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_contains(out, "OnCalendar=2014-03-25 02:59:56 UTC") out = switch_to_specialisation("${machine}", "timerModified") assert_lacks(out, "stopping the following units:") + assert_lacks(out, "NOT restarting the following units:") assert_lacks(out, "reloading the following units:") - assert_contains(out, "restarting the following units: test-timer.timer\n") + assert_contains(out, "\nrestarting the following units: test-timer.timer\n") assert_lacks(out, "\nstarting the following units:") assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") # It changed out = machine.succeed("systemctl show test-timer.timer") assert_contains(out, "OnCalendar=Fri 2012-11-23 16:00:00") + with subtest("targets"): + # Modifying some special targets like hybrid-sleep.target does nothing + out = switch_to_specialisation("${machine}", "hybridSleepModified") + assert_contains(out, "stopping the following units: test-timer.timer\n") + assert_lacks(out, "NOT restarting the following changed units:") + assert_lacks(out, "reloading the following units:") + assert_lacks(out, "\nrestarting the following units:") + assert_lacks(out, "\nstarting the following units:") + assert_lacks(out, "the following new units were started:") + + # Adding a new target starts it + out = switch_to_specialisation("${machine}", "target") + assert_lacks(out, "stopping the following units:") + assert_lacks(out, "NOT restarting the following changed units:") + assert_lacks(out, "reloading the following units:") + assert_lacks(out, "\nrestarting the following units:") + assert_lacks(out, "\nstarting the following units:") + assert_contains(out, "the following new units were started: test-target.target\n") + + # Changing a target doesn't print anything because the unit is filtered + machine.systemctl("start test-service.service") + out = switch_to_specialisation("${machine}", "targetModified") + assert_lacks(out, "stopping the following units:") + assert_lacks(out, "NOT restarting the following changed units:") + assert_lacks(out, "reloading the following units:") + assert_lacks(out, "\nrestarting the following units:") + assert_lacks(out, "\nstarting the following units:") + assert_lacks(out, "the following new units were started:") + machine.succeed("systemctl is-active test-service.service") # target was not restarted + + # With X-StopOnReconfiguration, the target gets stopped and started + out = switch_to_specialisation("${machine}", "targetModifiedStopOnReconfig") + assert_lacks(out, "stopping the following units:") + assert_lacks(out, "NOT restarting the following changed units:") + assert_lacks(out, "reloading the following units:") + assert_lacks(out, "\nrestarting the following units:") + assert_lacks(out, "\nstarting the following units:") + assert_lacks(out, "the following new units were started:") + machine.fail("systemctl is-active test-service.servce") # target was restarted + + # Remove the target by switching to the old specialisation + out = switch_to_specialisation("${machine}", "timerModified") + assert_contains(out, "stopping the following units: test-target.target\n") + assert_lacks(out, "NOT restarting the following changed units:") + assert_lacks(out, "reloading the following units:") + assert_lacks(out, "\nrestarting the following units:") + assert_lacks(out, "\nstarting the following units:") + assert_contains(out, "the following new units were started: test-timer.timer\n") + with subtest("paths"): out = switch_to_specialisation("${machine}", "path") assert_contains(out, "stopping the following units: test-timer.timer\n") @@ -715,14 +975,14 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert_lacks(out, "reloading the following units:") assert_lacks(out, "\nrestarting the following units:") assert_lacks(out, "\nstarting the following units:") - assert_contains(out, "the following new units were started: test-watch.path") - assert_lacks(out, "as well:") + assert_contains(out, "the following new units were started: test-watch.path\n") machine.fail("test -f /testpath-modified") # touch the file, unit should be triggered machine.succeed("touch /testpath") machine.wait_until_succeeds("test -f /testpath-modified") machine.succeed("rm /testpath /testpath-modified") + machine.systemctl("stop test-watch.service") switch_to_specialisation("${machine}", "pathModified") machine.succeed("touch /testpath") machine.fail("test -f /testpath-modified") @@ -737,8 +997,21 @@ import ./make-test-python.nix ({ pkgs, ...} : { with subtest("slices"): machine.succeed("echo 0 > /proc/sys/vm/panic_on_oom") # allow OOMing out = switch_to_specialisation("${machine}", "slice") + # assert_lacks(out, "stopping the following units:") not relevant + assert_lacks(out, "NOT restarting the following changed units:") + assert_lacks(out, "reloading the following units:") + assert_lacks(out, "\nrestarting the following units:") + assert_lacks(out, "\nstarting the following units:") + assert_lacks(out, "the following new units were started:") machine.fail("systemctl start testservice.service") + out = switch_to_specialisation("${machine}", "sliceModified") + assert_lacks(out, "stopping the following units:") + assert_lacks(out, "NOT restarting the following changed units:") + assert_lacks(out, "reloading the following units:") + assert_lacks(out, "\nrestarting the following units:") + assert_lacks(out, "\nstarting the following units:") + assert_lacks(out, "the following new units were started:") machine.succeed("systemctl start testservice.service") machine.succeed("echo 1 > /proc/sys/vm/panic_on_oom") # disallow OOMing ''; diff --git a/nixpkgs/nixos/tests/systemd-confinement.nix b/nixpkgs/nixos/tests/systemd-confinement.nix index 8fafb11e1e8c..3181af309a6e 100644 --- a/nixpkgs/nixos/tests/systemd-confinement.nix +++ b/nixpkgs/nixos/tests/systemd-confinement.nix @@ -17,15 +17,19 @@ import ./make-test-python.nix { exit "''${ret:-1}" ''; - mkTestStep = num: { config ? {}, testScript }: { - systemd.sockets."test${toString num}" = { + mkTestStep = num: { + testScript, + config ? {}, + serviceName ? "test${toString num}", + }: { + systemd.sockets.${serviceName} = { description = "Socket for Test Service ${toString num}"; wantedBy = [ "sockets.target" ]; socketConfig.ListenStream = "/run/test${toString num}.sock"; socketConfig.Accept = true; }; - systemd.services."test${toString num}@" = { + systemd.services."${serviceName}@" = { description = "Confined Test Service ${toString num}"; confinement = (config.confinement or {}) // { enable = true; }; serviceConfig = (config.serviceConfig or {}) // { @@ -135,6 +139,16 @@ import ./make-test-python.nix { machine.succeed('test "$(chroot-exec \'cat "$FOOBAR"\')" = eek') ''; } + { serviceName = "shipped-unitfile"; + config.confinement.mode = "chroot-only"; + testScript = '' + with subtest("check if shipped unit file still works"): + machine.succeed( + 'chroot-exec \'kill -9 $$ 2>&1 || :\' | ' + 'grep -q "Too many levels of symbolic links"' + ) + ''; + } ]; options.__testSteps = lib.mkOption { @@ -143,6 +157,15 @@ import ./make-test-python.nix { }; config.environment.systemPackages = lib.singleton testClient; + config.systemd.packages = lib.singleton (pkgs.writeTextFile { + name = "shipped-unitfile"; + destination = "/etc/systemd/system/shipped-unitfile@.service"; + text = '' + [Service] + SystemCallFilter=~kill + SystemCallErrorNumber=ELOOP + ''; + }); config.users.groups.chroot-testgroup = {}; config.users.users.chroot-testuser = { diff --git a/nixpkgs/nixos/tests/systemd-escaping.nix b/nixpkgs/nixos/tests/systemd-escaping.nix new file mode 100644 index 000000000000..7f93eb5e4f70 --- /dev/null +++ b/nixpkgs/nixos/tests/systemd-escaping.nix @@ -0,0 +1,45 @@ +import ./make-test-python.nix ({ pkgs, ... }: + +let + echoAll = pkgs.writeScript "echo-all" '' + #! ${pkgs.runtimeShell} + for s in "$@"; do + printf '%s\n' "$s" + done + ''; + # deliberately using a local empty file instead of pkgs.emptyFile to have + # a non-store path in the test + args = [ "a%Nything" "lang=\${LANG}" ";" "/bin/sh -c date" ./empty-file 4.2 23 ]; +in +{ + name = "systemd-escaping"; + + machine = { pkgs, lib, utils, ... }: { + systemd.services.echo = + assert !(builtins.tryEval (utils.escapeSystemdExecArgs [ [] ])).success; + assert !(builtins.tryEval (utils.escapeSystemdExecArgs [ {} ])).success; + assert !(builtins.tryEval (utils.escapeSystemdExecArgs [ null ])).success; + assert !(builtins.tryEval (utils.escapeSystemdExecArgs [ false ])).success; + assert !(builtins.tryEval (utils.escapeSystemdExecArgs [ (_:_) ])).success; + { description = "Echo to the journal"; + serviceConfig.Type = "oneshot"; + serviceConfig.ExecStart = '' + ${echoAll} ${utils.escapeSystemdExecArgs args} + ''; + }; + }; + + testScript = '' + machine.wait_for_unit("multi-user.target") + machine.succeed("systemctl start echo.service") + # skip the first 'Starting <service> ...' line + logs = machine.succeed("journalctl -u echo.service -o cat").splitlines()[1:] + assert "a%Nything" == logs[0] + assert "lang=''${LANG}" == logs[1] + assert ";" == logs[2] + assert "/bin/sh -c date" == logs[3] + assert "/nix/store/ij3gw72f4n5z4dz6nnzl1731p9kmjbwr-empty-file" == logs[4] + assert "4.2" in logs[5] # toString produces extra fractional digits! + assert "23" == logs[6] + ''; +}) diff --git a/nixpkgs/nixos/tests/tinywl.nix b/nixpkgs/nixos/tests/tinywl.nix index b286cab77945..8fb87b533306 100644 --- a/nixpkgs/nixos/tests/tinywl.nix +++ b/nixpkgs/nixos/tests/tinywl.nix @@ -10,6 +10,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: # Automatically login on tty1 as a normal user: imports = [ ./common/user-account.nix ]; services.getty.autologinUser = "alice"; + security.polkit.enable = true; environment = { systemPackages = with pkgs; [ tinywl foot wayland-utils ]; diff --git a/nixpkgs/nixos/tests/tomcat.nix b/nixpkgs/nixos/tests/tomcat.nix new file mode 100644 index 000000000000..e383f224e3d1 --- /dev/null +++ b/nixpkgs/nixos/tests/tomcat.nix @@ -0,0 +1,21 @@ +import ./make-test-python.nix ({ pkgs, ... }: + +{ + name = "tomcat"; + + machine = { pkgs, ... }: { + services.tomcat.enable = true; + }; + + testScript = '' + machine.wait_for_unit("tomcat.service") + machine.wait_for_open_port(8080) + machine.wait_for_file("/var/tomcat/webapps/examples"); + machine.succeed( + "curl --fail http://localhost:8080/examples/servlets/servlet/HelloWorldExample | grep 'Hello World!'" + ) + machine.succeed( + "curl --fail http://localhost:8080/examples/jsp/jsp2/simpletag/hello.jsp | grep 'Hello, world!'" + ) + ''; +}) diff --git a/nixpkgs/nixos/tests/vsftpd.nix b/nixpkgs/nixos/tests/vsftpd.nix new file mode 100644 index 000000000000..4bea27f0eb10 --- /dev/null +++ b/nixpkgs/nixos/tests/vsftpd.nix @@ -0,0 +1,42 @@ +import ./make-test-python.nix ({ pkgs, ... }: { + name = "vsftpd"; + + nodes = { + server = { + services.vsftpd = { + enable = true; + userlistDeny = false; + localUsers = true; + userlist = [ "ftp-test-user" ]; + writeEnable = true; + localRoot = "/tmp"; + }; + networking.firewall.enable = false; + + users = { + users.ftp-test-user = { + isSystemUser = true; + password = "ftp-test-password"; + group = "ftp-test-group"; + }; + groups.ftp-test-group = {}; + }; + }; + + client = {}; + }; + + testScript = '' + client.start() + server.wait_for_unit("vsftpd") + server.wait_for_open_port("21") + + client.succeed("curl -u ftp-test-user:ftp-test-password ftp://server") + client.succeed('echo "this is a test" > /tmp/test.file.up') + client.succeed("curl -v -T /tmp/test.file.up -u ftp-test-user:ftp-test-password ftp://server") + client.succeed("curl -u ftp-test-user:ftp-test-password ftp://server/test.file.up > /tmp/test.file.down") + client.succeed("diff /tmp/test.file.up /tmp/test.file.down") + assert client.succeed("cat /tmp/test.file.up") == server.succeed("cat /tmp/test.file.up") + assert client.succeed("cat /tmp/test.file.down") == server.succeed("cat /tmp/test.file.up") + ''; +}) diff --git a/nixpkgs/nixos/tests/zammad.nix b/nixpkgs/nixos/tests/zammad.nix new file mode 100644 index 000000000000..4e466f6e3b9b --- /dev/null +++ b/nixpkgs/nixos/tests/zammad.nix @@ -0,0 +1,60 @@ +import ./make-test-python.nix ( + { lib, pkgs, ... }: + + { + name = "zammad"; + + meta.maintainers = with lib.maintainers; [ garbas taeer ]; + + nodes.machine = { config, ... }: { + services.zammad.enable = true; + services.zammad.secretKeyBaseFile = pkgs.writeText "secret" '' + 52882ef142066e09ab99ce816ba72522e789505caba224a52d750ec7dc872c2c371b2fd19f16b25dfbdd435a4dd46cb3df9f82eb63fafad715056bdfe25740d6 + ''; + + systemd.services.zammad-locale-cheat = + let cfg = config.services.zammad; in + { + serviceConfig = { + Type = "simple"; + Restart = "always"; + + User = "zammad"; + Group = "zammad"; + PrivateTmp = true; + StateDirectory = "zammad"; + WorkingDirectory = cfg.dataDir; + }; + wantedBy = [ "zammad-web.service" ]; + description = "Hack in the locale files so zammad doesn't try to access the internet"; + script = '' + mkdir -p ./config/translations + VERSION=$(cat ${cfg.package}/VERSION) + + # If these files are not in place, zammad will try to access the internet. + # For the test, we only need to supply en-us. + echo '[{"locale":"en-us","alias":"en","name":"English (United States)","active":true,"dir":"ltr"}]' \ + > ./config/locales-$VERSION.yml + echo '[{"locale":"en-us","format":"time","source":"date","target":"mm/dd/yyyy","target_initial":"mm/dd/yyyy"},{"locale":"en-us","format":"time","source":"timestamp","target":"mm/dd/yyyy HH:MM","target_initial":"mm/dd/yyyy HH:MM"}]' \ + > ./config/translations/en-us-$VERSION.yml + ''; + }; + }; + + testScript = '' + start_all() + machine.wait_for_unit("postgresql.service") + machine.wait_for_unit("zammad-web.service") + machine.wait_for_unit("zammad-websocket.service") + machine.wait_for_unit("zammad-scheduler.service") + # wait for zammad to fully come up + machine.sleep(120) + + # without the grep the command does not produce valid utf-8 for some reason + with subtest("welcome screen loads"): + machine.succeed( + "curl -sSfL http://localhost:3000/ | grep '<title>Zammad Helpdesk</title>'" + ) + ''; + } +) |