forked from lix-project/lix
Adds a test for nss preload mechanism
This tests for the fix implemented in #5224 Signed-off-by: Arthur Gautier <baloo@superbaloo.net>
This commit is contained in:
parent
158fa6870f
commit
e33f74495b
|
@ -444,6 +444,12 @@
|
||||||
inherit (self) overlay;
|
inherit (self) overlay;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
tests.nssPreload = (import ./tests/nss-preload.nix rec {
|
||||||
|
system = "x86_64-linux";
|
||||||
|
inherit nixpkgs;
|
||||||
|
inherit (self) overlay;
|
||||||
|
});
|
||||||
|
|
||||||
tests.githubFlakes = (import ./tests/github-flakes.nix rec {
|
tests.githubFlakes = (import ./tests/github-flakes.nix rec {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
inherit nixpkgs;
|
inherit nixpkgs;
|
||||||
|
|
123
tests/nss-preload.nix
Normal file
123
tests/nss-preload.nix
Normal file
|
@ -0,0 +1,123 @@
|
||||||
|
{ nixpkgs, system, overlay }:
|
||||||
|
|
||||||
|
with import (nixpkgs + "/nixos/lib/testing-python.nix") {
|
||||||
|
inherit system;
|
||||||
|
extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
|
||||||
|
};
|
||||||
|
|
||||||
|
makeTest (
|
||||||
|
|
||||||
|
rec {
|
||||||
|
name = "nss-preload";
|
||||||
|
|
||||||
|
nodes = {
|
||||||
|
http_dns = { lib, pkgs, config, ... }: {
|
||||||
|
networking.firewall.enable = false;
|
||||||
|
networking.interfaces.eth1.ipv6.addresses = lib.mkForce [
|
||||||
|
{ address = "fd21::1"; prefixLength = 64; }
|
||||||
|
];
|
||||||
|
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [
|
||||||
|
{ address = "192.168.0.1"; prefixLength = 24; }
|
||||||
|
];
|
||||||
|
|
||||||
|
services.unbound = {
|
||||||
|
enable = true;
|
||||||
|
enableRootTrustAnchor = false;
|
||||||
|
settings = {
|
||||||
|
server = {
|
||||||
|
interface = [ "192.168.0.1" "fd21::1" "::1" "127.0.0.1" ];
|
||||||
|
access-control = [ "192.168.0.0/24 allow" "fd21::/64 allow" "::1 allow" "127.0.0.0/8 allow" ];
|
||||||
|
local-data = [
|
||||||
|
''"example.com. IN A 192.168.0.1"''
|
||||||
|
''"example.com. IN AAAA fd21::1"''
|
||||||
|
''"tarballs.nixos.org. IN A 192.168.0.1"''
|
||||||
|
''"tarballs.nixos.org. IN AAAA fd21::1"''
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
virtualHosts."example.com" = {
|
||||||
|
root = pkgs.runCommand "testdir" {} ''
|
||||||
|
mkdir "$out"
|
||||||
|
echo hello world > "$out/index.html"
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# client consumes a remote resolver
|
||||||
|
client = { lib, nodes, pkgs, ... }: {
|
||||||
|
networking.useDHCP = false;
|
||||||
|
networking.nameservers = [
|
||||||
|
(lib.head nodes.http_dns.config.networking.interfaces.eth1.ipv6.addresses).address
|
||||||
|
(lib.head nodes.http_dns.config.networking.interfaces.eth1.ipv4.addresses).address
|
||||||
|
];
|
||||||
|
networking.interfaces.eth1.ipv6.addresses = [
|
||||||
|
{ address = "fd21::10"; prefixLength = 64; }
|
||||||
|
];
|
||||||
|
networking.interfaces.eth1.ipv4.addresses = [
|
||||||
|
{ address = "192.168.0.10"; prefixLength = 24; }
|
||||||
|
];
|
||||||
|
|
||||||
|
nix.sandboxPaths = lib.mkForce [];
|
||||||
|
nix.binaryCaches = lib.mkForce [];
|
||||||
|
nix.useSandbox = lib.mkForce true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
nix-fetch = pkgs.writeText "fetch.nix" ''
|
||||||
|
derivation {
|
||||||
|
# This derivation is an copy from what is available over at
|
||||||
|
# nix.git:corepkgs/fetchurl.nix
|
||||||
|
builder = "builtin:fetchurl";
|
||||||
|
|
||||||
|
# We're going to fetch data from the http_dns instance created before
|
||||||
|
# we expect the content to be the same as the content available there.
|
||||||
|
# ```
|
||||||
|
# $ nix-hash --type sha256 --to-base32 $(echo "hello world" | sha256sum | cut -d " " -f 1)
|
||||||
|
# 0ix4jahrkll5zg01wandq78jw3ab30q4nscph67rniqg5x7r0j59
|
||||||
|
# ```
|
||||||
|
outputHash = "0ix4jahrkll5zg01wandq78jw3ab30q4nscph67rniqg5x7r0j59";
|
||||||
|
outputHashAlgo = "sha256";
|
||||||
|
outputHashMode = "flat";
|
||||||
|
|
||||||
|
name = "example.com";
|
||||||
|
url = "http://example.com";
|
||||||
|
|
||||||
|
unpack = false;
|
||||||
|
executable = false;
|
||||||
|
|
||||||
|
system = "builtin";
|
||||||
|
|
||||||
|
preferLocalBuild = true;
|
||||||
|
|
||||||
|
impureEnvVars = [
|
||||||
|
"http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy"
|
||||||
|
];
|
||||||
|
|
||||||
|
urls = [ "http://example.com" ];
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
|
||||||
|
testScript = { nodes, ... }: ''
|
||||||
|
http_dns.wait_for_unit("nginx")
|
||||||
|
http_dns.wait_for_open_port(80)
|
||||||
|
http_dns.wait_for_unit("unbound")
|
||||||
|
http_dns.wait_for_open_port(53)
|
||||||
|
|
||||||
|
client.start()
|
||||||
|
client.wait_for_unit('multi-user.target')
|
||||||
|
|
||||||
|
with subtest("can fetch data from a remote server outside sandbox"):
|
||||||
|
client.succeed("nix --version >&2")
|
||||||
|
client.succeed("curl -vvv http://example.com/index.html >&2")
|
||||||
|
|
||||||
|
with subtest("nix-build can lookup dns and fetch data"):
|
||||||
|
client.succeed("""
|
||||||
|
nix-build ${nix-fetch} >&2
|
||||||
|
""")
|
||||||
|
'';
|
||||||
|
})
|
Loading…
Reference in a new issue