nixos/tests/nscd.nix at 25.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / nscd.nix
at 25.11-pre 5.2 kB view raw
  1import ./make-test-python.nix (
  2  { pkgs, ... }:
  3  let
  4    # build a getent that itself doesn't see anything in /etc/hosts and
  5    # /etc/nsswitch.conf, by using libredirect to steer its own requests to
  6    # /dev/null.
  7    # This means is /has/ to go via nscd to actually resolve any of the
  8    # additionally configured hosts.
  9    getent' = pkgs.writeScript "getent-without-etc-hosts" ''
 10      export NIX_REDIRECTS=/etc/hosts=/dev/null:/etc/nsswitch.conf=/dev/null
 11      export LD_PRELOAD=${pkgs.libredirect}/lib/libredirect.so
 12      exec getent $@
 13    '';
 14  in
 15  {
 16    name = "nscd";
 17
 18    nodes.machine =
 19      { pkgs, ... }:
 20      {
 21        imports = [ common/user-account.nix ];
 22        networking.extraHosts = ''
 23          2001:db8::1 somehost.test
 24          192.0.2.1 somehost.test
 25        '';
 26
 27        systemd.services.sockdump = {
 28          wantedBy = [ "multi-user.target" ];
 29          path = [
 30            # necessary for bcc to unpack kernel headers and invoke modprobe
 31            pkgs.gnutar
 32            pkgs.xz.bin
 33            pkgs.kmod
 34          ];
 35          environment.PYTHONUNBUFFERED = "1";
 36
 37          serviceConfig = {
 38            ExecStart = "${pkgs.sockdump}/bin/sockdump /var/run/nscd/socket";
 39            Restart = "on-failure";
 40            RestartSec = "1";
 41            Type = "simple";
 42          };
 43        };
 44
 45        specialisation = {
 46          withGlibcNscd.configuration =
 47            { ... }:
 48            {
 49              services.nscd.enableNsncd = false;
 50            };
 51          withUnscd.configuration =
 52            { ... }:
 53            {
 54              services.nscd.enableNsncd = false;
 55              services.nscd.package = pkgs.unscd;
 56            };
 57        };
 58      };
 59
 60    testScript =
 61      { nodes, ... }:
 62      let
 63        specialisations = "${nodes.machine.system.build.toplevel}/specialisation";
 64      in
 65      ''
 66        # Regression test for https://github.com/NixOS/nixpkgs/issues/50273
 67        def test_dynamic_user():
 68            with subtest("DynamicUser actually allocates a user"):
 69                assert "iamatest" in machine.succeed(
 70                    "systemd-run --pty --property=Type=oneshot --property=DynamicUser=yes --property=User=iamatest whoami"
 71                )
 72
 73        # Test resolution of somehost.test with getent', to make sure we go via
 74        # nscd protocol
 75        def test_host_lookups():
 76            with subtest("host lookups via nscd protocol"):
 77                # ahosts
 78                output = machine.succeed("${getent'} ahosts somehost.test")
 79                assert "192.0.2.1" in output
 80                assert "2001:db8::1" in output
 81
 82                # ahostsv4
 83                output = machine.succeed("${getent'} ahostsv4 somehost.test")
 84                assert "192.0.2.1" in output
 85                assert "2001:db8::1" not in output
 86
 87                # ahostsv6
 88                output = machine.succeed("${getent'} ahostsv6 somehost.test")
 89                assert "192.0.2.1" not in output
 90                assert "2001:db8::1" in output
 91
 92                # reverse lookups (hosts)
 93                assert "somehost.test" in machine.succeed("${getent'} hosts 2001:db8::1")
 94                assert "somehost.test" in machine.succeed("${getent'} hosts 192.0.2.1")
 95
 96
 97        # Test host resolution via nss modules works
 98        # We rely on nss-myhostname in this case, which resolves *.localhost and
 99        # _gateway.
100        # We don't need to use getent' here, as non-glibc nss modules can only be
101        # discovered via nscd.
102        def test_nss_myhostname():
103            with subtest("nss-myhostname provides hostnames (ahosts)"):
104                # ahosts
105                output = machine.succeed("getent ahosts foobar.localhost")
106                assert "::1" in output
107                assert "127.0.0.1" in output
108
109                # ahostsv4
110                output = machine.succeed("getent ahostsv4 foobar.localhost")
111                assert "::1" not in output
112                assert "127.0.0.1" in output
113
114                # ahostsv6
115                output = machine.succeed("getent ahostsv6 foobar.localhost")
116                assert "::1" in output
117                assert "127.0.0.1" not in output
118
119        start_all()
120        machine.wait_for_unit("default.target")
121
122        # give sockdump some time to finish attaching.
123        machine.sleep(5)
124
125        # Test all tests with glibc-nscd.
126        test_dynamic_user()
127        test_host_lookups()
128        test_nss_myhostname()
129
130        with subtest("glibc-nscd"):
131            machine.succeed('${specialisations}/withGlibcNscd/bin/switch-to-configuration test')
132            machine.wait_for_unit("default.target")
133
134            test_dynamic_user()
135            test_host_lookups()
136            test_nss_myhostname()
137
138        with subtest("unscd"):
139            machine.succeed('${specialisations}/withUnscd/bin/switch-to-configuration test')
140            machine.wait_for_unit("default.target")
141
142            # known to fail, unscd doesn't load external NSS modules
143            # test_dynamic_user()
144
145            test_host_lookups()
146
147            # known to fail, unscd doesn't load external NSS modules
148            # test_nss_myhostname()
149      '';
150  }
151)