diff options
Diffstat (limited to 'nixpkgs/nixos/tests/nscd.nix')
-rw-r--r-- | nixpkgs/nixos/tests/nscd.nix | 142 |
1 files changed, 142 insertions, 0 deletions
diff --git a/nixpkgs/nixos/tests/nscd.nix b/nixpkgs/nixos/tests/nscd.nix new file mode 100644 index 000000000000..356c6d2e2a54 --- /dev/null +++ b/nixpkgs/nixos/tests/nscd.nix @@ -0,0 +1,142 @@ +import ./make-test-python.nix ({ pkgs, ... }: +let + # build a getent that itself doesn't see anything in /etc/hosts and + # /etc/nsswitch.conf, by using libredirect to steer its own requests to + # /dev/null. + # This means is /has/ to go via nscd to actuallly resolve any of the + # additionally configured hosts. + getent' = pkgs.writeScript "getent-without-etc-hosts" '' + export NIX_REDIRECTS=/etc/hosts=/dev/null:/etc/nsswitch.conf=/dev/null + export LD_PRELOAD=${pkgs.libredirect}/lib/libredirect.so + exec getent $@ + ''; +in +{ + name = "nscd"; + + nodes.machine = { pkgs, ... }: { + imports = [ common/user-account.nix ]; + networking.extraHosts = '' + 2001:db8::1 somehost.test + 192.0.2.1 somehost.test + ''; + + systemd.services.sockdump = { + wantedBy = [ "multi-user.target" ]; + path = [ + # necessary for bcc to unpack kernel headers and invoke modprobe + pkgs.gnutar + pkgs.xz.bin + pkgs.kmod + ]; + environment.PYTHONUNBUFFERED = "1"; + + serviceConfig = { + ExecStart = "${pkgs.sockdump}/bin/sockdump /var/run/nscd/socket"; + Restart = "on-failure"; + RestartSec = "1"; + Type = "simple"; + }; + }; + + specialisation = { + withGlibcNscd.configuration = { ... }: { + services.nscd.enableNsncd = false; + }; + withUnscd.configuration = { ... }: { + services.nscd.enableNsncd = false; + services.nscd.package = pkgs.unscd; + }; + }; + }; + + testScript = { nodes, ... }: + let + specialisations = "${nodes.machine.system.build.toplevel}/specialisation"; + in + '' + # Regression test for https://github.com/NixOS/nixpkgs/issues/50273 + def test_dynamic_user(): + with subtest("DynamicUser actually allocates a user"): + assert "iamatest" in machine.succeed( + "systemd-run --pty --property=Type=oneshot --property=DynamicUser=yes --property=User=iamatest whoami" + ) + + # Test resolution of somehost.test with getent', to make sure we go via + # nscd protocol + def test_host_lookups(): + with subtest("host lookups via nscd protocol"): + # ahosts + output = machine.succeed("${getent'} ahosts somehost.test") + assert "192.0.2.1" in output + assert "2001:db8::1" in output + + # ahostsv4 + output = machine.succeed("${getent'} ahostsv4 somehost.test") + assert "192.0.2.1" in output + assert "2001:db8::1" not in output + + # ahostsv6 + output = machine.succeed("${getent'} ahostsv6 somehost.test") + assert "192.0.2.1" not in output + assert "2001:db8::1" in output + + # reverse lookups (hosts) + assert "somehost.test" in machine.succeed("${getent'} hosts 2001:db8::1") + assert "somehost.test" in machine.succeed("${getent'} hosts 192.0.2.1") + + + # Test host resolution via nss modules works + # We rely on nss-myhostname in this case, which resolves *.localhost and + # _gateway. + # We don't need to use getent' here, as non-glibc nss modules can only be + # discovered via nscd. + def test_nss_myhostname(): + with subtest("nss-myhostname provides hostnames (ahosts)"): + # ahosts + output = machine.succeed("getent ahosts foobar.localhost") + assert "::1" in output + assert "127.0.0.1" in output + + # ahostsv4 + output = machine.succeed("getent ahostsv4 foobar.localhost") + assert "::1" not in output + assert "127.0.0.1" in output + + # ahostsv6 + output = machine.succeed("getent ahostsv6 foobar.localhost") + assert "::1" in output + assert "127.0.0.1" not in output + + start_all() + machine.wait_for_unit("default.target") + + # give sockdump some time to finish attaching. + machine.sleep(5) + + # Test all tests with glibc-nscd. + test_dynamic_user() + test_host_lookups() + test_nss_myhostname() + + with subtest("glibc-nscd"): + machine.succeed('${specialisations}/withGlibcNscd/bin/switch-to-configuration test') + machine.wait_for_unit("default.target") + + test_dynamic_user() + test_host_lookups() + test_nss_myhostname() + + with subtest("unscd"): + machine.succeed('${specialisations}/withUnscd/bin/switch-to-configuration test') + machine.wait_for_unit("default.target") + + # known to fail, unscd doesn't load external NSS modules + # test_dynamic_user() + + test_host_lookups() + + # known to fail, unscd doesn't load external NSS modules + # test_nss_myhostname() + ''; +}) |