Commit graph

22 commits

Author SHA1 Message Date
Graham Christensen 05636de7d2 hydra-init: upgrade passwords to Argon2 on startup 2021-04-16 12:32:13 -04:00
Graham Christensen 79b0ddc27d hydra-create-user: re-hash sha1 as Argon2 2021-04-16 12:32:13 -04:00
Graham Christensen d10d8964f2 Users: add a validation step which lets the user's password be a Argon2 hashed sha1 hash.
OWASP suggests expiring all passwords and requiring users to update their password.
However, we don't have a way to do this. They suggest this mechanism
as a good alternative:
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#upgrading-legacy-hashes
2021-04-16 12:32:13 -04:00
Graham Christensen 1da70030b7 Users: transparently upgrade passwords to Argon2
Passwords that are sha1 will be transparently upgraded to argon2,
and future comparisons will use Argon2

Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 11:35:11 -04:00
Graham Christensen 29620df85e Passwords: check in constant time
The default password comparison logic does not use
constant time validation. Switching to constant time
offers a meager improvement by removing a timing
oracle.

A prepatory step in moving to Argon2id password storage, since we'll need this change anyway after
for validating existing passwords.

Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 11:34:56 -04:00
Graham Christensen cf4434bc9f queue runner: test notifications
Especially, test the difference in behavior of substituted and unsubstituted builds.
2021-04-14 14:19:10 -04:00
Graham Christensen e45f852277 tests: allow specifying some nix config 2021-04-14 14:19:10 -04:00
Graham Christensen c7ac123dc5 Setup.pm: specify NIX_ env vars for running yath
Otherwise yath will try to use global configuration.
2021-04-14 14:19:10 -04:00
Graham Christensen 74d34c0f80 t/Setup.pm: sort NIX_ env vars 2021-04-14 14:19:09 -04:00
Graham Christensen 8aa59dcc1b Drop references to NIX_MANFIESTS_DIR and NIX_BUILD_HOOK
Neither of these have been supported in ~years.
2021-04-14 14:19:09 -04:00
Maximilian Bosch 2beb1f5405
Replace TestHTTPMockServer with python script
This seems to work fine in a `nix build`-sandbox as it doesn't depend on
`getprotobyname`.
2021-04-03 01:07:07 +02:00
Maximilian Bosch d16bf5b8cd
Implement yath-test for the new Gitea plugin 2021-04-02 19:11:25 +02:00
Graham Christensen 9bb04ed97a
Merge pull request #893 from grahamc/fake-channel-nested
Test the fake derivations channel, asserting nested packages are properly represented.
2021-03-24 17:56:55 -04:00
Graham Christensen 425c7ff17f
hydra-send-stats: add a --once option for testing 2021-03-20 09:16:08 -04:00
Graham Christensen 6f662a606a
hydra-send-stats: add a failing test asserting it can run 2021-03-20 09:14:14 -04:00
Graham Christensen 019aef3d41
Test the fake derivations channel, asserting nested packages are properly represented.
This is a breaking change. Previously, packages named `packageset.foo`
would be exposed in the fake derivation channel as `packageset-foo`.

Presumably this was done to avoid needing to track attribute sets, and
to avoid the complexity. I think this now correctly handles the
complexity and properly mirrors the input expressions layout.
2021-03-18 11:33:37 -04:00
Graham Christensen 88e0198a8e
Create a helper for dealing with nested attribute sets 2021-03-18 11:33:36 -04:00
Graham Christensen d62a2c1657
NixExprs: extract the escape function and test it 2021-03-18 11:24:17 -04:00
Graham Christensen b9fb66401b
Merge pull request #880 from grahamc/runcommand-finished-bool
RunCommand: emit the `finished` field as a boolean
2021-03-09 09:58:43 -05:00
Graham Christensen 2179b4b4b0
RunCommand: emit the finished field as a boolean 2021-03-08 12:11:20 -05:00
Matej Cotman a551fba346
statsd: add a chance to set hostname and port in hydra.conf
Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-03-08 10:03:16 -05:00
Cole Helbling 025be052b7
tests: move to t, allow yath test from root
By moving the tests subdirectory to t, we gain the ability to run `yath
test` with no arguments from inside `nix develop` in the root of the
the repo.

(`nix develop` is necessary in order to set the proper env vars for
`yath` to find our test libraries.)
2021-03-05 09:49:06 -08:00