mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2024-12-30 23:34:12 +03:00
nixosTests.nscd: init, move DynamicUser test into there
nixosTests.systemd is quite heavy, it requires a full graphical system, which is quite a big of a rebuild if the only thing you want to test is whether dynamic users work. This is now moved to an `nscd` test, which tests various NSS lookups, making extra sure that the nscd path is tested, not the fallback path (by hiding /etc/nsswitch.conf and /etc/hosts for getent). nixosTests.resolv is removed. It didn't check for reverse lookups, didn't catch nscd breaking halfway in between, and also had an ambiguous reverse lookup - 192.0.2.1 could either reverse lookup to host-ipv4.example.net, or host-dual.example.net.
This commit is contained in:
parent
4e385bec15
commit
1224368495
@ -440,6 +440,7 @@ in {
|
|||||||
non-default-filesystems = handleTest ./non-default-filesystems.nix {};
|
non-default-filesystems = handleTest ./non-default-filesystems.nix {};
|
||||||
noto-fonts = handleTest ./noto-fonts.nix {};
|
noto-fonts = handleTest ./noto-fonts.nix {};
|
||||||
novacomd = handleTestOn ["x86_64-linux"] ./novacomd.nix {};
|
novacomd = handleTestOn ["x86_64-linux"] ./novacomd.nix {};
|
||||||
|
nscd = handleTest ./nscd.nix {};
|
||||||
nsd = handleTest ./nsd.nix {};
|
nsd = handleTest ./nsd.nix {};
|
||||||
nzbget = handleTest ./nzbget.nix {};
|
nzbget = handleTest ./nzbget.nix {};
|
||||||
nzbhydra2 = handleTest ./nzbhydra2.nix {};
|
nzbhydra2 = handleTest ./nzbhydra2.nix {};
|
||||||
@ -529,7 +530,6 @@ in {
|
|||||||
rasdaemon = handleTest ./rasdaemon.nix {};
|
rasdaemon = handleTest ./rasdaemon.nix {};
|
||||||
redis = handleTest ./redis.nix {};
|
redis = handleTest ./redis.nix {};
|
||||||
redmine = handleTest ./redmine.nix {};
|
redmine = handleTest ./redmine.nix {};
|
||||||
resolv = handleTest ./resolv.nix {};
|
|
||||||
restartByActivationScript = handleTest ./restart-by-activation-script.nix {};
|
restartByActivationScript = handleTest ./restart-by-activation-script.nix {};
|
||||||
restic = handleTest ./restic.nix {};
|
restic = handleTest ./restic.nix {};
|
||||||
retroarch = handleTest ./retroarch.nix {};
|
retroarch = handleTest ./retroarch.nix {};
|
||||||
|
93
nixos/tests/nscd.nix
Normal file
93
nixos/tests/nscd.nix
Normal file
@ -0,0 +1,93 @@
|
|||||||
|
import ./make-test-python.nix ({ pkgs, ... }:
|
||||||
|
let
|
||||||
|
# build a getent that itself doesn't see anything in /etc/hosts and
|
||||||
|
# /etc/nsswitch.conf, by using libredirect to steer its own requests to
|
||||||
|
# /dev/null.
|
||||||
|
# This means is /has/ to go via nscd to actuallly resolve any of the
|
||||||
|
# additionally configured hosts.
|
||||||
|
getent' = pkgs.writeScript "getent-without-etc-hosts" ''
|
||||||
|
export NIX_REDIRECTS=/etc/hosts=/dev/null:/etc/nsswitch.conf=/dev/null
|
||||||
|
export LD_PRELOAD=${pkgs.libredirect}/lib/libredirect.so
|
||||||
|
exec getent $@
|
||||||
|
'';
|
||||||
|
in
|
||||||
|
{
|
||||||
|
name = "nscd";
|
||||||
|
|
||||||
|
nodes.machine = { lib, ... }: {
|
||||||
|
imports = [ common/user-account.nix ];
|
||||||
|
networking.extraHosts = ''
|
||||||
|
2001:db8::1 somehost.test
|
||||||
|
192.0.2.1 somehost.test
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
testScript = ''
|
||||||
|
start_all()
|
||||||
|
machine.wait_for_unit("default.target")
|
||||||
|
|
||||||
|
# Regression test for https://github.com/NixOS/nixpkgs/issues/50273
|
||||||
|
with subtest("DynamicUser actually allocates a user"):
|
||||||
|
assert "iamatest" in machine.succeed(
|
||||||
|
"systemd-run --pty --property=Type=oneshot --property=DynamicUser=yes --property=User=iamatest whoami"
|
||||||
|
)
|
||||||
|
|
||||||
|
# Test resolution of somehost.test with getent', to make sure we go via nscd
|
||||||
|
with subtest("host lookups via nscd"):
|
||||||
|
# ahosts
|
||||||
|
output = machine.succeed("${getent'} ahosts somehost.test")
|
||||||
|
assert "192.0.2.1" in output
|
||||||
|
assert "2001:db8::1" in output
|
||||||
|
|
||||||
|
# ahostsv4
|
||||||
|
output = machine.succeed("${getent'} ahostsv4 somehost.test")
|
||||||
|
assert "192.0.2.1" in output
|
||||||
|
assert "2001:db8::1" not in output
|
||||||
|
|
||||||
|
# ahostsv6
|
||||||
|
output = machine.succeed("${getent'} ahostsv6 somehost.test")
|
||||||
|
assert "192.0.2.1" not in output
|
||||||
|
assert "2001:db8::1" in output
|
||||||
|
|
||||||
|
# reverse lookups (hosts)
|
||||||
|
assert "somehost.test" in machine.succeed("${getent'} hosts 2001:db8::1")
|
||||||
|
assert "somehost.test" in machine.succeed("${getent'} hosts 192.0.2.1")
|
||||||
|
|
||||||
|
|
||||||
|
# Test host resolution via nss modules works
|
||||||
|
# We rely on nss-myhostname in this case, which resolves *.localhost and
|
||||||
|
# _gateway.
|
||||||
|
# We don't need to use getent' here, as non-glibc nss modules can only be
|
||||||
|
# discovered via nscd.
|
||||||
|
with subtest("nss-myhostname provides hostnames (ahosts)"):
|
||||||
|
# ahosts
|
||||||
|
output = machine.succeed("getent ahosts foobar.localhost")
|
||||||
|
assert "::1" in output
|
||||||
|
assert "127.0.0.1" in output
|
||||||
|
|
||||||
|
# ahostsv4
|
||||||
|
output = machine.succeed("getent ahostsv4 foobar.localhost")
|
||||||
|
assert "::1" not in output
|
||||||
|
assert "127.0.0.1" in output
|
||||||
|
|
||||||
|
# ahostsv6
|
||||||
|
output = machine.succeed("getent ahostsv6 foobar.localhost")
|
||||||
|
assert "::1" in output
|
||||||
|
assert "127.0.0.1" not in output
|
||||||
|
|
||||||
|
# ahosts
|
||||||
|
output = machine.succeed("getent ahosts _gateway")
|
||||||
|
|
||||||
|
# returns something like the following:
|
||||||
|
# 10.0.2.2 STREAM _gateway
|
||||||
|
# 10.0.2.2 DGRAM
|
||||||
|
# 10.0.2.2 RAW
|
||||||
|
# fe80::2 STREAM
|
||||||
|
# fe80::2 DGRAM
|
||||||
|
# fe80::2 RAW
|
||||||
|
|
||||||
|
# Verify we see both ip addresses
|
||||||
|
assert "10.0.2.2" in output
|
||||||
|
assert "fe80::2" in output
|
||||||
|
'';
|
||||||
|
})
|
@ -1,46 +0,0 @@
|
|||||||
# Test whether DNS resolving returns multiple records and all address families.
|
|
||||||
import ./make-test-python.nix ({ pkgs, ... } : {
|
|
||||||
name = "resolv";
|
|
||||||
meta = with pkgs.lib.maintainers; {
|
|
||||||
maintainers = [ ckauhaus ];
|
|
||||||
};
|
|
||||||
|
|
||||||
nodes.resolv = { ... }: {
|
|
||||||
networking.extraHosts = ''
|
|
||||||
# IPv4 only
|
|
||||||
192.0.2.1 host-ipv4.example.net
|
|
||||||
192.0.2.2 host-ipv4.example.net
|
|
||||||
# IP6 only
|
|
||||||
2001:db8::2:1 host-ipv6.example.net
|
|
||||||
2001:db8::2:2 host-ipv6.example.net
|
|
||||||
# dual stack
|
|
||||||
192.0.2.1 host-dual.example.net
|
|
||||||
192.0.2.2 host-dual.example.net
|
|
||||||
2001:db8::2:1 host-dual.example.net
|
|
||||||
2001:db8::2:2 host-dual.example.net
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
testScript = ''
|
|
||||||
def addrs_in(hostname, addrs):
|
|
||||||
res = resolv.succeed("getent ahosts {}".format(hostname))
|
|
||||||
for addr in addrs:
|
|
||||||
assert addr in res, "Expected output '{}' not found in\n{}".format(addr, res)
|
|
||||||
|
|
||||||
|
|
||||||
start_all()
|
|
||||||
resolv.wait_for_unit("nscd")
|
|
||||||
|
|
||||||
ipv4 = ["192.0.2.1", "192.0.2.2"]
|
|
||||||
ipv6 = ["2001:db8::2:1", "2001:db8::2:2"]
|
|
||||||
|
|
||||||
with subtest("IPv4 resolves"):
|
|
||||||
addrs_in("host-ipv4.example.net", ipv4)
|
|
||||||
|
|
||||||
with subtest("IPv6 resolves"):
|
|
||||||
addrs_in("host-ipv6.example.net", ipv6)
|
|
||||||
|
|
||||||
with subtest("Dual stack resolves"):
|
|
||||||
addrs_in("host-dual.example.net", ipv4 + ipv6)
|
|
||||||
'';
|
|
||||||
})
|
|
@ -87,12 +87,6 @@ import ./make-test-python.nix ({ pkgs, ... }: {
|
|||||||
machine.succeed("test -e /home/alice/user_conf_read")
|
machine.succeed("test -e /home/alice/user_conf_read")
|
||||||
machine.succeed("test -z $(ls -1 /var/log/journal)")
|
machine.succeed("test -z $(ls -1 /var/log/journal)")
|
||||||
|
|
||||||
# Regression test for https://github.com/NixOS/nixpkgs/issues/50273
|
|
||||||
with subtest("DynamicUser actually allocates a user"):
|
|
||||||
assert "iamatest" in machine.succeed(
|
|
||||||
"systemd-run --pty --property=Type=oneshot --property=DynamicUser=yes --property=User=iamatest whoami"
|
|
||||||
)
|
|
||||||
|
|
||||||
with subtest("regression test for https://bugs.freedesktop.org/show_bug.cgi?id=77507"):
|
with subtest("regression test for https://bugs.freedesktop.org/show_bug.cgi?id=77507"):
|
||||||
retcode, output = machine.execute("systemctl status testservice1.service")
|
retcode, output = machine.execute("systemctl status testservice1.service")
|
||||||
assert retcode in [0, 3] # https://bugs.freedesktop.org/show_bug.cgi?id=77507
|
assert retcode in [0, 3] # https://bugs.freedesktop.org/show_bug.cgi?id=77507
|
||||||
|
Loading…
Reference in New Issue
Block a user