diff options
Diffstat (limited to 'nixos/tests')
-rw-r--r-- | nixos/tests/common/letsencrypt.nix | 24 | ||||
-rw-r--r-- | nixos/tests/containers-tmpfs.nix | 2 | ||||
-rw-r--r-- | nixos/tests/docker-tools.nix | 18 | ||||
-rw-r--r-- | nixos/tests/grafana.nix | 2 | ||||
-rw-r--r-- | nixos/tests/hocker-fetchdocker/default.nix | 15 | ||||
-rw-r--r-- | nixos/tests/hocker-fetchdocker/hello-world-container.nix | 19 | ||||
-rw-r--r-- | nixos/tests/hocker-fetchdocker/machine.nix | 26 | ||||
-rw-r--r-- | nixos/tests/keymap.nix | 33 | ||||
-rw-r--r-- | nixos/tests/printing.nix | 4 | ||||
-rw-r--r-- | nixos/tests/pump.io.nix | 89 | ||||
-rw-r--r-- | nixos/tests/vault.nix | 4 | ||||
-rw-r--r-- | nixos/tests/virtualbox.nix | 3 | ||||
-rw-r--r-- | nixos/tests/xautolock.nix | 24 |
13 files changed, 129 insertions, 134 deletions
diff --git a/nixos/tests/common/letsencrypt.nix b/nixos/tests/common/letsencrypt.nix index 9b53d9d61a16..10cde45d18a8 100644 --- a/nixos/tests/common/letsencrypt.nix +++ b/nixos/tests/common/letsencrypt.nix @@ -138,8 +138,8 @@ let boulder = let owner = "letsencrypt"; repo = "boulder"; - rev = "9866abab8962a591f06db457a4b84c518cc88243"; - version = "20170510"; + rev = "9c6a1f2adc4c26d925588f5ae366cfd4efb7813a"; + version = "20180129"; in pkgs.buildGoPackage rec { name = "${repo}-${version}"; @@ -147,7 +147,7 @@ let src = pkgs.fetchFromGitHub { name = "${name}-src"; inherit rev owner repo; - sha256 = "170m5cjngbrm36wi7wschqw8jzs7kxpcyzmshq3pcrmcpigrhna1"; + sha256 = "09kszswrifm9rc6idfaq0p1mz5w21as2qbc8gd5pphrq9cf9pn55"; }; postPatch = '' @@ -168,6 +168,18 @@ let cat "${snakeOilCa}/ca.pem" > test/test-ca.pem ''; + # Until vendored pkcs11 is go 1.9 compatible + preBuild = '' + rm -r go/src/github.com/letsencrypt/boulder/vendor/github.com/miekg/pkcs11 + ''; + + extraSrcs = map mkGoDep [ + { goPackagePath = "github.com/miekg/pkcs11"; + rev = "6dbd569b952ec150d1425722dbbe80f2c6193f83"; + sha256 = "1m8g6fx7df6hf6q6zsbyw1icjmm52dmsx28rgb0h930wagvngfwb"; + } + ]; + goPackagePath = "github.com/${owner}/${repo}"; buildInputs = [ pkgs.libtool ]; }; @@ -284,7 +296,11 @@ let ocsp-updater.after = [ "boulder-publisher" ]; ocsp-responder.args = "--config ${cfgDir}/ocsp-responder.json"; ct-test-srv = {}; - mail-test-srv.args = "--closeFirst 5"; + mail-test-srv.args = let + key = "${boulderSource}/test/mail-test-srv/minica-key.pem"; + crt = "${boulderSource}/test/mail-test-srv/minica.pem"; + in + "--closeFirst 5 --cert ${crt} --key ${key}"; }; commonPath = [ softhsm pkgs.mariadb goose boulder ]; diff --git a/nixos/tests/containers-tmpfs.nix b/nixos/tests/containers-tmpfs.nix index 564831fa2737..873dd364369f 100644 --- a/nixos/tests/containers-tmpfs.nix +++ b/nixos/tests/containers-tmpfs.nix @@ -1,7 +1,7 @@ # Test for NixOS' container support. import ./make-test.nix ({ pkgs, ...} : { - name = "containers-bridge"; + name = "containers-tmpfs"; meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ ckampka ]; }; diff --git a/nixos/tests/docker-tools.nix b/nixos/tests/docker-tools.nix index e52a4c3f884e..9135bca0f4f6 100644 --- a/nixos/tests/docker-tools.nix +++ b/nixos/tests/docker-tools.nix @@ -10,7 +10,7 @@ import ./make-test.nix ({ pkgs, ... }: { docker = { config, pkgs, ... }: { virtualisation = { - diskSize = 1024; + diskSize = 2048; docker.enable = true; }; }; @@ -21,19 +21,29 @@ import ./make-test.nix ({ pkgs, ... }: { $docker->waitForUnit("sockets.target"); $docker->succeed("docker load --input='${pkgs.dockerTools.examples.bash}'"); - $docker->succeed("docker run ${pkgs.dockerTools.examples.bash.imageName} /bin/bash --version"); + $docker->succeed("docker run --rm ${pkgs.dockerTools.examples.bash.imageName} /bin/bash --version"); + $docker->succeed("docker rmi ${pkgs.dockerTools.examples.bash.imageName}"); + # Check if the nix store is correctly initialized by listing dependencies of the installed Nix binary $docker->succeed("docker load --input='${pkgs.dockerTools.examples.nix}'"); - $docker->succeed("docker run ${pkgs.dockerTools.examples.nix.imageName} /bin/nix-store -qR ${pkgs.nix}"); + $docker->succeed("docker run --rm ${pkgs.dockerTools.examples.nix.imageName} /bin/nix-store -qR ${pkgs.nix}"); + $docker->succeed("docker rmi ${pkgs.dockerTools.examples.nix.imageName}"); # To test the pullImage tool $docker->succeed("docker load --input='${pkgs.dockerTools.examples.nixFromDockerHub}'"); - $docker->succeed("docker run nixos/nix:1.11 nix-store --version"); + $docker->succeed("docker run --rm nixos/nix:1.11 nix-store --version"); + $docker->succeed("docker rmi nixos/nix:1.11"); # To test runAsRoot and entry point $docker->succeed("docker load --input='${pkgs.dockerTools.examples.nginx}'"); $docker->succeed("docker run --name nginx -d -p 8000:80 ${pkgs.dockerTools.examples.nginx.imageName}"); $docker->waitUntilSucceeds('curl http://localhost:8000/'); $docker->succeed("docker rm --force nginx"); + $docker->succeed("docker rmi '${pkgs.dockerTools.examples.nginx.imageName}'"); + + # An pulled image can be used as base image + $docker->succeed("docker load --input='${pkgs.dockerTools.examples.onTopOfPulledImage}'"); + $docker->succeed("docker run --rm ontopofpulledimage hello"); + $docker->succeed("docker rmi ontopofpulledimage"); ''; }) diff --git a/nixos/tests/grafana.nix b/nixos/tests/grafana.nix index 16b8181498a6..d45776c3ee29 100644 --- a/nixos/tests/grafana.nix +++ b/nixos/tests/grafana.nix @@ -20,6 +20,6 @@ import ./make-test.nix ({ lib, ... }: $machine->start; $machine->waitForUnit("grafana.service"); $machine->waitForOpenPort(3000); - $machine->succeed("curl -sS http://127.0.0.1:3000/"); + $machine->succeed("curl -sSfL http://127.0.0.1:3000/"); ''; }) diff --git a/nixos/tests/hocker-fetchdocker/default.nix b/nixos/tests/hocker-fetchdocker/default.nix new file mode 100644 index 000000000000..4f30f01e4032 --- /dev/null +++ b/nixos/tests/hocker-fetchdocker/default.nix @@ -0,0 +1,15 @@ +import ../make-test.nix ({ pkgs, ...} : { + name = "test-hocker-fetchdocker"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ ixmatus ]; + }; + + machine = import ./machine.nix; + + testScript = '' + startAll; + + $machine->waitForUnit("sockets.target"); + $machine->waitUntilSucceeds("docker run registry-1.docker.io/v2/library/hello-world:latest"); + ''; +}) diff --git a/nixos/tests/hocker-fetchdocker/hello-world-container.nix b/nixos/tests/hocker-fetchdocker/hello-world-container.nix new file mode 100644 index 000000000000..a127875264e9 --- /dev/null +++ b/nixos/tests/hocker-fetchdocker/hello-world-container.nix @@ -0,0 +1,19 @@ +{ fetchDockerConfig, fetchDockerLayer, fetchdocker }: +fetchdocker rec { + name = "hello-world"; + registry = "https://registry-1.docker.io/v2/"; + repository = "library"; + imageName = "hello-world"; + tag = "latest"; + imageConfig = fetchDockerConfig { + inherit tag registry repository imageName; + sha256 = "1ivbd23hyindkahzfw4kahgzi6ibzz2ablmgsz6340vc6qr1gagj"; + }; + imageLayers = let + layer0 = fetchDockerLayer { + inherit registry repository imageName; + layerDigest = "ca4f61b1923c10e9eb81228bd46bee1dfba02b9c7dac1844527a734752688ede"; + sha256 = "1plfd194fwvsa921ib3xkhms1yqxxrmx92r2h7myj41wjaqn2kya"; + }; + in [ layer0 ]; + } diff --git a/nixos/tests/hocker-fetchdocker/machine.nix b/nixos/tests/hocker-fetchdocker/machine.nix new file mode 100644 index 000000000000..12c58a012243 --- /dev/null +++ b/nixos/tests/hocker-fetchdocker/machine.nix @@ -0,0 +1,26 @@ +{ config, pkgs, ... }: +{ nixpkgs.config.packageOverrides = pkgs': { + hello-world-container = pkgs'.callPackage ./hello-world-container.nix { }; + }; + + virtualisation.docker = { + enable = true; + package = pkgs.docker; + }; + + systemd.services.docker-load-fetchdocker-image = { + description = "Docker load hello-world-container"; + wantedBy = [ "multi-user.target" ]; + wants = [ "docker.service" "local-fs.target" ]; + after = [ "docker.service" "local-fs.target" ]; + + script = '' + ${pkgs.hello-world-container}/compositeImage.sh | ${pkgs.docker}/bin/docker load + ''; + + serviceConfig = { + Type = "oneshot"; + }; + }; +} + diff --git a/nixos/tests/keymap.nix b/nixos/tests/keymap.nix index eec674e227df..caa5f7107c23 100644 --- a/nixos/tests/keymap.nix +++ b/nixos/tests/keymap.nix @@ -50,38 +50,7 @@ let machine.i18n.consoleKeyMap = mkOverride 900 layout; machine.services.xserver.layout = mkOverride 900 layout; machine.imports = [ ./common/x11.nix extraConfig ]; - machine.services.xserver.displayManager.slim = { - enable = true; - - # Use a custom theme in order to get best OCR results - theme = pkgs.runCommand "slim-theme-ocr" { - nativeBuildInputs = [ pkgs.imagemagick ]; - } '' - mkdir "$out" - convert -size 1x1 xc:white "$out/background.jpg" - convert -size 200x100 xc:white "$out/panel.jpg" - cat > "$out/slim.theme" <<EOF - background_color #ffffff - background_style tile - - input_fgcolor #000000 - msg_color #000000 - - session_color #000000 - session_font Verdana:size=16:bold - - username_msg Username: - username_font Verdana:size=16:bold - username_color #000000 - username_x 50% - username_y 40% - - password_msg Password: - password_x 50% - password_y 40% - EOF - ''; - }; + machine.services.xserver.displayManager.slim.enable = true; testScript = '' sub waitCatAndDelete ($) { diff --git a/nixos/tests/printing.nix b/nixos/tests/printing.nix index 2d3ecaf94cfa..989008830613 100644 --- a/nixos/tests/printing.nix +++ b/nixos/tests/printing.nix @@ -39,7 +39,9 @@ import ./make-test.nix ({pkgs, ... }: { $client->waitForUnit("cups.service"); $client->sleep(10); # wait until cups is fully initialized $client->succeed("lpstat -r") =~ /scheduler is running/ or die; - $client->succeed("lpstat -H") =~ "localhost:631" or die; + # Test that UNIX socket is used for connections. + $client->succeed("lpstat -H") =~ "/var/run/cups/cups.sock" or die; + # Test that HTTP server is available too. $client->succeed("curl --fail http://localhost:631/"); $client->succeed("curl --fail http://server:631/"); $server->fail("curl --fail --connect-timeout 2 http://client:631/"); diff --git a/nixos/tests/pump.io.nix b/nixos/tests/pump.io.nix deleted file mode 100644 index 0991ed3fce1f..000000000000 --- a/nixos/tests/pump.io.nix +++ /dev/null @@ -1,89 +0,0 @@ -# This test runs pump.io with mongodb, listing on port 443. - -import ./make-test.nix ({ pkgs, ...} : let - snakeOilKey = '' - -----BEGIN PRIVATE KEY----- - MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCqVemio78R41Tz - MnR2zFD/wFT0iScOpFkuytNmuPf28FLaa9wSBWmuAGbEi7wBIfw8/bUqFBTQp2G1 - m1cmcCKxhmvvOkGs89eM131s1lW/bXU3zYso4e7724kHwU65jRlQs6cFWIlmW7V5 - 3HQobP05dy+zPpujPPSlOQ0qYViR1s+RgZI8r0wS2ZDsliNtQwBLJSIvX6XVnXLo - F/HmF4/ySJ9pL2AxQXCwZE8SfCzHpArs9COIqTaAuwB79kxWSFQJewmab74BXiM6 - 9FMCtHON24Pl7OR9sRJHH8rMEzUumppmUeCNEzABjzQQ7svR18cmbzRWetp0tT9Y - 7rj6URHHAgMBAAECggEAGmbCldDnlrAzxJY3cwpsK5f2EwkHIr/aiuQpLCzTUlUh - onVBYRGxtaSeSSyXcV2BKTrxz5nZOBYZkPqI4Y5T8kwxgpz2/QW2jUABUtNN6yPe - HU4gma+bSTJX5PnTZ/M0z0tpQezdLx5b3I2M+48ZGMUegZvcp8qU6N8U6VK5VbFD - DMTGL4b+Kc9HScRkCJjU3FfQcqf9Ml5w9jzHSeHImYEDrG0nX8N8EImRCBXbgxCl - 5XT1h6LFUGdr+N6n2w56+6l8OZZVmwj1NdF6NJybUQl4Y7b0niA+5czzjRt/YUjZ - HW0fXmx3XlbYGWYdMdS+VaIW6pkUpm8kZkqjngqLwQKBgQDfhbFQmg9lsJQ8/dQZ - WzRNsozHKWkQiZbW5sXBWygJbAB3Hc8gvQkuZe9TVyF99cznRj6ro6pGZjP0rTdY - 3ACTL+ygRArcIR6VsJCIr6nPvBLpOoNb8TQeKPmHC2gnSP9zaT/K2lldYISKNaYQ - 0seB2gvZhIgMgWtZtmb3jdgl9wKBgQDDFdknXgvFgB+y96//9wTu2WWuE5yQ5yB7 - utAcHNO9rx5X1tJqxymYh+iE8HUN25By+96SpNMQFI+0wNGVB00YWNBKtyepimWN - EUCojTy+MIXIjrLcvviEePsI4TPWYf8XtZeiYtcczYrt/wPQUYaDb8LBRfpIfmhr - rCGW93s+sQKBgEDOKTeeQyKPjJsWWL01RTfVsZ04s155FcOeyu0heb0plAT1Ho12 - YUgTg8zc8Tfs4QiYxCjNXdvlW+Dvq6FWv8/s0CUzNRbXf1+U/oKys4AoHi+CqH0q - tJqd9KKjuwHQ10dl13n/znMVPbg4j7pG8lMCnfblxvAhQbeT+8yAUo/HAoGBAL3t - /n4KXNGK3NHDvXEp0H6t3wWsiEi3DPQJO+Wy1x8caCFCv5c/kaqz3tfWt0+njSm1 - N8tzdx13tzVWaHV8Jz3l8dxcFtxEJnxB6L5wy0urOAS7kT3DG3b1xgmuH2a//7fY - jumE60NahcER/2eIh7pdS7IZbAO6NfVmH0m4Zh/xAoGAbquh60sAfLC/1O2/4Xom - PHS7z2+TNpwu4ou3nspxfigNQcTWzzzTVFLnaTPg+HKbLRXSWysjssmmj5u3lCyc - S2M9xuhApa9CrN/udz4gEojRVsTla/gyLifIZ3CtTn2QEQiIJEMxM+59KAlkgUBo - 9BeZ03xTaEZfhVZ9bEN30Ak= - -----END PRIVATE KEY----- - ''; - - snakeOilCert = '' - -----BEGIN CERTIFICATE----- - MIICvjCCAaagAwIBAgIJANhA6+PPhomZMA0GCSqGSIb3DQEBCwUAMBcxFTATBgNV - BAMMDGIwOTM0YWMwYWZkNTAeFw0xNTExMzAxNzQ3MzVaFw0yNTExMjcxNzQ3MzVa - MBcxFTATBgNVBAMMDGIwOTM0YWMwYWZkNTCCASIwDQYJKoZIhvcNAQEBBQADggEP - ADCCAQoCggEBAKpV6aKjvxHjVPMydHbMUP/AVPSJJw6kWS7K02a49/bwUtpr3BIF - aa4AZsSLvAEh/Dz9tSoUFNCnYbWbVyZwIrGGa+86Qazz14zXfWzWVb9tdTfNiyjh - 7vvbiQfBTrmNGVCzpwVYiWZbtXncdChs/Tl3L7M+m6M89KU5DSphWJHWz5GBkjyv - TBLZkOyWI21DAEslIi9fpdWdcugX8eYXj/JIn2kvYDFBcLBkTxJ8LMekCuz0I4ip - NoC7AHv2TFZIVAl7CZpvvgFeIzr0UwK0c43bg+Xs5H2xEkcfyswTNS6ammZR4I0T - MAGPNBDuy9HXxyZvNFZ62nS1P1juuPpREccCAwEAAaMNMAswCQYDVR0TBAIwADAN - BgkqhkiG9w0BAQsFAAOCAQEAd2w9rxi6qF9WV8L3rHnTE7uu0ldtdgJlCASx6ouj - TleOnjfEg+kH8r8UbmRV5vsTDn1Qp5JGDYxfytRUQwLb1zTLde0xotx37E3LY8Wr - sD6Al4t8sHywB/hc5dy29TgG0iyG8LKZrkwytLvDZ814W3OwpN2rpEz6pdizdHNn - jsoDEngZiDHvLjIyE0cDkFXkeYMGXOnBUeOcu4nfu4C5eKs3nXGGAcNDbDRIuLoE - BZExUBY+YSs6JBvh5tvRqLVW0Dz0akEcjb/jhwS2LmDip8Pdoxx4Q1jPKEu38zrr - Vd5WD2HJhLb9u0UxVp9vfWIUDgydopV5ZmWCQ5YvNepb1w== - -----END CERTIFICATE----- - ''; -in { - name = "pumpio"; - meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ rvl ]; - }; - - nodes = { - one = - { config, pkgs, ... }: - { - services = { - pumpio = { - port = 443; - enable = true; - sslCert = pkgs.writeText "snakeoil.cert" snakeOilCert; - sslKey = pkgs.writeText "snakeoil.pem" snakeOilKey; - secretFile = pkgs.writeText "secretFile" "test123"; - site = "test"; - }; - mongodb.enable = true; - mongodb.extraConfig = '' - storage.journal.enabled: false - ''; - }; - systemd.services.mongodb.unitConfig.Before = "pump.io.service"; - systemd.services."pump.io".unitConfig.Requires = "mongodb.service"; - }; - }; - - testScript = '' - startAll; - - $one->waitForUnit("pump.io.service"); - $one->waitUntilSucceeds("curl -k https://localhost"); - ''; -}) diff --git a/nixos/tests/vault.nix b/nixos/tests/vault.nix index 2c08d06f286b..515d5c8bac25 100644 --- a/nixos/tests/vault.nix +++ b/nixos/tests/vault.nix @@ -17,7 +17,7 @@ import ./make-test.nix ({ pkgs, ... }: $machine->waitForUnit('multi-user.target'); $machine->waitForUnit('vault.service'); $machine->waitForOpenPort(8200); - $machine->succeed('vault init'); - $machine->succeed('vault status | grep "Sealed: true"'); + $machine->succeed('vault operator init'); + $machine->succeed('vault status | grep Sealed | grep true'); ''; }) diff --git a/nixos/tests/virtualbox.nix b/nixos/tests/virtualbox.nix index 5574293ba377..249571fcedec 100644 --- a/nixos/tests/virtualbox.nix +++ b/nixos/tests/virtualbox.nix @@ -43,6 +43,9 @@ let "init=${pkgs.writeScript "mini-init.sh" miniInit}" ]; + # XXX: Remove this once TSS location detection has been fixed in VirtualBox + boot.kernelPackages = pkgs.linuxPackages_4_9; + fileSystems."/" = { device = "vboxshare"; fsType = "vboxsf"; diff --git a/nixos/tests/xautolock.nix b/nixos/tests/xautolock.nix new file mode 100644 index 000000000000..ee46d9e05b06 --- /dev/null +++ b/nixos/tests/xautolock.nix @@ -0,0 +1,24 @@ +import ./make-test.nix ({ pkgs, lib, ... }: + +with lib; + +{ + name = "xautolock"; + meta.maintainers = with pkgs.stdenv.lib.maintainers; [ ma27 ]; + + nodes.machine = { + imports = [ ./common/x11.nix ./common/user-account.nix ]; + + services.xserver.displayManager.auto.user = "bob"; + services.xserver.xautolock.enable = true; + services.xserver.xautolock.time = 1; + }; + + testScript = '' + $machine->start; + $machine->waitForX; + $machine->mustFail("pgrep xlock"); + $machine->sleep(120); + $machine->mustSucceed("pgrep xlock"); + ''; +}) |