wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-07-08 11:03:54 +02:00
Code Activity

Convert VM tests to Python

Browse source 
Perl-based tests are deprecated since NixOS 20.03 and subsequently got
removed in NixOS 20.09, which effectively means that tests are going to
fail as soon as we build it with NixOS 20.09 or anything newer.

I've put "# fmt: off" at the start of every testScript, because
formatting with Black really messes up indentation and I don't think it
really adds anything in value or readability for inlined Python scripts.

Signed-off-by: aszlig <aszlig@nix.build>
(cherry picked from commit 5cfdf16dd6)
Signed-off-by: Domen Kožar <domen@dev.si>
This commit is contained in:
aszlig 2020-10-17 22:08:18 +02:00 committed by Domen Kožar
parent 78e7d7cfab
commit 50b8ef40cb
No known key found for this signature in database
GPG key ID: C2FFBCAFD2C24246
4 changed files with 159 additions and 133 deletions
Download patch file Download diff file Expand all files Collapse all files

2
release.nix
View file

@ -256,7 +256,7 @@ let
tests.binaryTarball = tests.binaryTarball =
with import nixpkgs { system = "x86_64-linux"; }; with import nixpkgs { system = "x86_64-linux"; };
vmTools.runInLinuxImage (runCommand "nix-binary-tarball-test" vmTools.runInLinuxImage (runCommand "nix-binary-tarball-test"
{ diskImage = vmTools.diskImages.ubuntu1204x86_64; { diskImage = vmTools.diskImages.ubuntu2004x86_64;
} }
'' ''
set -x set -x

71
tests/nix-copy-closure.nix
View file

@ -2,7 +2,9 @@
{ nixpkgs, system, nix }: { nixpkgs, system, nix }:
with import (nixpkgs + "/nixos/lib/testing.nix") { inherit system; }; with import (nixpkgs + "/nixos/lib/testing-python.nix") {
inherit system;
};
makeTest (let pkgA = pkgs.cowsay; pkgB = pkgs.wget; pkgC = pkgs.hello; in { makeTest (let pkgA = pkgs.cowsay; pkgB = pkgs.wget; pkgC = pkgs.hello; in {
@ -24,41 +26,46 @@ makeTest (let pkgA = pkgs.cowsay; pkgB = pkgs.wget; pkgC = pkgs.hello; in {
}; };
}; };
testScript = { nodes }: testScript = { nodes }: ''
'' # fmt: off
startAll; import subprocess
# Create an SSH key on the client. start_all()
my $key = `${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f key -N ""`;
$client->succeed("mkdir -m 700 /root/.ssh");
$client->copyFileFromHost("key", "/root/.ssh/id_ed25519");
$client->succeed("chmod 600 /root/.ssh/id_ed25519");
# Install the SSH key on the server. # Create an SSH key on the client.
$server->succeed("mkdir -m 700 /root/.ssh"); subprocess.run([
$server->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys"); "${pkgs.openssh}/bin/ssh-keygen", "-t", "ed25519", "-f", "key", "-N", ""
$server->waitForUnit("sshd"); ], capture_output=True, check=True)
$client->waitForUnit("network.target");
$client->succeed("ssh -o StrictHostKeyChecking=no " . $server->name() . " 'echo hello world'");
# Copy the closure of package A from the client to the server. client.succeed("mkdir -m 700 /root/.ssh")
$server->fail("nix-store --check-validity ${pkgA}"); client.copy_from_host("key", "/root/.ssh/id_ed25519")
$client->succeed("nix-copy-closure --to server --gzip ${pkgA} >&2"); client.succeed("chmod 600 /root/.ssh/id_ed25519")
$server->succeed("nix-store --check-validity ${pkgA}");
# Copy the closure of package B from the server to the client. # Install the SSH key on the server.
$client->fail("nix-store --check-validity ${pkgB}"); server.succeed("mkdir -m 700 /root/.ssh")
$client->succeed("nix-copy-closure --from server --gzip ${pkgB} >&2"); server.copy_from_host("key.pub", "/root/.ssh/authorized_keys")
$client->succeed("nix-store --check-validity ${pkgB}"); server.wait_for_unit("sshd")
client.wait_for_unit("network.target")
client.succeed(f"ssh -o StrictHostKeyChecking=no {server.name} 'echo hello world'")
# Copy the closure of package C via the SSH substituter. # Copy the closure of package A from the client to the server.
$client->fail("nix-store -r ${pkgC}"); server.fail("nix-store --check-validity ${pkgA}")
# FIXME client.succeed("nix-copy-closure --to server --gzip ${pkgA} >&2")
#$client->succeed( server.succeed("nix-store --check-validity ${pkgA}")
# "nix-store --option use-ssh-substituter true"
# . " --option ssh-substituter-hosts root\@server"
# . " -r ${pkgC} >&2");
#$client->succeed("nix-store --check-validity ${pkgC}");
'';
# Copy the closure of package B from the server to the client.
client.fail("nix-store --check-validity ${pkgB}")
client.succeed("nix-copy-closure --from server --gzip ${pkgB} >&2")
client.succeed("nix-store --check-validity ${pkgB}")
# Copy the closure of package C via the SSH substituter.
client.fail("nix-store -r ${pkgC}")
# FIXME
# client.succeed(
# "nix-store --option use-ssh-substituter true"
# " --option ssh-substituter-hosts root\@server"
# " -r ${pkgC} >&2"
# )
# client.succeed("nix-store --check-validity ${pkgC}")
'';
}) })

72
tests/remote-builds.nix
View file

@ -2,7 +2,9 @@
{ nixpkgs, system, nix }: { nixpkgs, system, nix }:
with import (nixpkgs + "/nixos/lib/testing.nix") { inherit system; }; with import (nixpkgs + "/nixos/lib/testing-python.nix") {
inherit system;
};
makeTest ( makeTest (
@ -65,44 +67,46 @@ in
}; };
}; };
testScript = { nodes }: testScript = { nodes }: ''
'' # fmt: off
startAll; import subprocess
# Create an SSH key on the client. start_all()
my $key = `${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f key -N ""`;
$client->succeed("mkdir -p -m 700 /root/.ssh");
$client->copyFileFromHost("key", "/root/.ssh/id_ed25519");
$client->succeed("chmod 600 /root/.ssh/id_ed25519");
# Install the SSH key on the builders. # Create an SSH key on the client.
$client->waitForUnit("network.target"); subprocess.run([
foreach my $builder ($builder1, $builder2) { "${pkgs.openssh}/bin/ssh-keygen", "-t", "ed25519", "-f", "key", "-N", ""
$builder->succeed("mkdir -p -m 700 /root/.ssh"); ], capture_output=True, check=True)
$builder->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys"); client.succeed("mkdir -p -m 700 /root/.ssh")
$builder->waitForUnit("sshd"); client.copy_from_host("key", "/root/.ssh/id_ed25519")
$client->succeed("ssh -o StrictHostKeyChecking=no " . $builder->name() . " 'echo hello world'"); client.succeed("chmod 600 /root/.ssh/id_ed25519")
}
# Perform a build and check that it was performed on the builder. # Install the SSH key on the builders.
my $out = $client->succeed( client.wait_for_unit("network.target")
"nix-build ${expr nodes.client.config 1} 2> build-output", for builder in [builder1, builder2]:
"grep -q Hello build-output" builder.succeed("mkdir -p -m 700 /root/.ssh")
); builder.copy_from_host("key.pub", "/root/.ssh/authorized_keys")
$builder1->succeed("test -e $out"); builder.wait_for_unit("sshd")
client.succeed(f"ssh -o StrictHostKeyChecking=no {builder.name} 'echo hello world'")
# And a parallel build. # Perform a build and check that it was performed on the builder.
my ($out1, $out2) = split /\s/, out = client.succeed(
$client->succeed('nix-store -r $(nix-instantiate ${expr nodes.client.config 2})\!out $(nix-instantiate ${expr nodes.client.config 3})\!out'); "nix-build ${expr nodes.client.config 1} 2> build-output",
$builder1->succeed("test -e $out1 -o -e $out2"); "grep -q Hello build-output"
$builder2->succeed("test -e $out1 -o -e $out2"); )
builder1.succeed(f"test -e {out}")
# And a failing build. # And a parallel build.
$client->fail("nix-build ${expr nodes.client.config 5}"); paths = client.succeed(r'nix-store -r $(nix-instantiate ${expr nodes.client.config 2})\!out $(nix-instantiate ${expr nodes.client.config 3})\!out')
out1, out2 = paths.split()
builder1.succeed(f"test -e {out1} -o -e {out2}")
builder2.succeed(f"test -e {out1} -o -e {out2}")
# Test whether the build hook automatically skips unavailable builders. # And a failing build.
$builder1->block; client.fail("nix-build ${expr nodes.client.config 5}")
$client->succeed("nix-build ${expr nodes.client.config 4}");
'';
# Test whether the build hook automatically skips unavailable builders.
builder1.block()
client.succeed("nix-build ${expr nodes.client.config 4}")
'';
}) })

147
tests/setuid.nix
View file

@ -15,94 +15,109 @@ makeTest {
virtualisation.pathsInNixDB = [ pkgs.stdenv pkgs.pkgsi686Linux.stdenv ]; virtualisation.pathsInNixDB = [ pkgs.stdenv pkgs.pkgsi686Linux.stdenv ];
}; };
testScript = { nodes }: testScript = { nodes }: ''
'' # fmt: off
startAll; start_all()
# Copying to /tmp should succeed. # Copying to /tmp should succeed.
$machine->succeed('nix-build --no-sandbox -E \'(with import <nixpkgs> {}; runCommand "foo" {} " machine.succeed(r"""
mkdir -p $out nix-build --no-sandbox -E '(with import <nixpkgs> {}; runCommand "foo" {} "
cp ${pkgs.coreutils}/bin/id /tmp/id mkdir -p $out
")\' '); cp ${pkgs.coreutils}/bin/id /tmp/id
")'
""".strip())
$machine->succeed('[[ $(stat -c %a /tmp/id) = 555 ]]'); machine.succeed('[[ $(stat -c %a /tmp/id) = 555 ]]')
$machine->succeed("rm /tmp/id"); machine.succeed("rm /tmp/id")
# Creating a setuid binary should fail. # Creating a setuid binary should fail.
$machine->fail('nix-build --no-sandbox -E \'(with import <nixpkgs> {}; runCommand "foo" {} " machine.fail(r"""
mkdir -p $out nix-build --no-sandbox -E '(with import <nixpkgs> {}; runCommand "foo" {} "
cp ${pkgs.coreutils}/bin/id /tmp/id mkdir -p $out
chmod 4755 /tmp/id cp ${pkgs.coreutils}/bin/id /tmp/id
")\' '); chmod 4755 /tmp/id
")'
""".strip())
$machine->succeed('[[ $(stat -c %a /tmp/id) = 555 ]]'); machine.succeed('[[ $(stat -c %a /tmp/id) = 555 ]]')
$machine->succeed("rm /tmp/id"); machine.succeed("rm /tmp/id")
# Creating a setgid binary should fail. # Creating a setgid binary should fail.
$machine->fail('nix-build --no-sandbox -E \'(with import <nixpkgs> {}; runCommand "foo" {} " machine.fail(r"""
mkdir -p $out nix-build --no-sandbox -E '(with import <nixpkgs> {}; runCommand "foo" {} "
cp ${pkgs.coreutils}/bin/id /tmp/id mkdir -p $out
chmod 2755 /tmp/id cp ${pkgs.coreutils}/bin/id /tmp/id
")\' '); chmod 2755 /tmp/id
")'
""".strip())
$machine->succeed('[[ $(stat -c %a /tmp/id) = 555 ]]'); machine.succeed('[[ $(stat -c %a /tmp/id) = 555 ]]')
$machine->succeed("rm /tmp/id"); machine.succeed("rm /tmp/id")
# The checks should also work on 32-bit binaries. # The checks should also work on 32-bit binaries.
$machine->fail('nix-build --no-sandbox -E \'(with import <nixpkgs> { system = "i686-linux"; }; runCommand "foo" {} " machine.fail(r"""
mkdir -p $out nix-build --no-sandbox -E '(with import <nixpkgs> { system = "i686-linux"; }; runCommand "foo" {} "
cp ${pkgs.coreutils}/bin/id /tmp/id mkdir -p $out
chmod 2755 /tmp/id cp ${pkgs.coreutils}/bin/id /tmp/id
")\' '); chmod 2755 /tmp/id
")'
""".strip())
$machine->succeed('[[ $(stat -c %a /tmp/id) = 555 ]]'); machine.succeed('[[ $(stat -c %a /tmp/id) = 555 ]]')
$machine->succeed("rm /tmp/id"); machine.succeed("rm /tmp/id")
# The tests above use fchmodat(). Test chmod() as well. # The tests above use fchmodat(). Test chmod() as well.
$machine->succeed('nix-build --no-sandbox -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } " machine.succeed(r"""
mkdir -p $out nix-build --no-sandbox -E '(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
cp ${pkgs.coreutils}/bin/id /tmp/id mkdir -p $out
perl -e \"chmod 0666, qw(/tmp/id) or die\" cp ${pkgs.coreutils}/bin/id /tmp/id
")\' '); perl -e \"chmod 0666, qw(/tmp/id) or die\"
")'
""".strip())
$machine->succeed('[[ $(stat -c %a /tmp/id) = 666 ]]'); machine.succeed('[[ $(stat -c %a /tmp/id) = 666 ]]')
$machine->succeed("rm /tmp/id"); machine.succeed("rm /tmp/id")
$machine->fail('nix-build --no-sandbox -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } " machine.fail(r"""
mkdir -p $out nix-build --no-sandbox -E '(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
cp ${pkgs.coreutils}/bin/id /tmp/id mkdir -p $out
perl -e \"chmod 04755, qw(/tmp/id) or die\" cp ${pkgs.coreutils}/bin/id /tmp/id
")\' '); perl -e \"chmod 04755, qw(/tmp/id) or die\"
")'
""".strip())
$machine->succeed('[[ $(stat -c %a /tmp/id) = 555 ]]'); machine.succeed('[[ $(stat -c %a /tmp/id) = 555 ]]')
$machine->succeed("rm /tmp/id"); machine.succeed("rm /tmp/id")
# And test fchmod(). # And test fchmod().
$machine->succeed('nix-build --no-sandbox -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } " machine.succeed(r"""
mkdir -p $out nix-build --no-sandbox -E '(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
cp ${pkgs.coreutils}/bin/id /tmp/id mkdir -p $out
perl -e \"my \\\$x; open \\\$x, qw(/tmp/id); chmod 01750, \\\$x or die\" cp ${pkgs.coreutils}/bin/id /tmp/id
")\' '); perl -e \"my \\\$x; open \\\$x, qw(/tmp/id); chmod 01750, \\\$x or die\"
")'
""".strip())
$machine->succeed('[[ $(stat -c %a /tmp/id) = 1750 ]]'); machine.succeed('[[ $(stat -c %a /tmp/id) = 1750 ]]')
$machine->succeed("rm /tmp/id"); machine.succeed("rm /tmp/id")
$machine->fail('nix-build --no-sandbox -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } " machine.fail(r"""
mkdir -p $out nix-build --no-sandbox -E '(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
cp ${pkgs.coreutils}/bin/id /tmp/id mkdir -p $out
perl -e \"my \\\$x; open \\\$x, qw(/tmp/id); chmod 04777, \\\$x or die\" cp ${pkgs.coreutils}/bin/id /tmp/id
")\' '); perl -e \"my \\\$x; open \\\$x, qw(/tmp/id); chmod 04777, \\\$x or die\"
")'
""".strip())
$machine->succeed('[[ $(stat -c %a /tmp/id) = 555 ]]'); machine.succeed('[[ $(stat -c %a /tmp/id) = 555 ]]')
$machine->succeed("rm /tmp/id");
'';
machine.succeed("rm /tmp/id")
'';
} }