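# NixOS VM test for an overlay-backed /etc that is configured as immutable
# (system.etc.overlay.mutable = false).
#
# The test script checks that /etc is an overlay mount that rejects writes,
# that the account databases keep their expected modes and locations, and that
# switching between generations updates /etc without leaking temporary mounts.
{ lib, ... }:
{

  name = "activation-etc-overlay-immutable";

  meta.maintainers = with lib.maintainers; [ nikstur ];

  nodes.machine =
    { pkgs, ... }:
    {
      system.etc.overlay.enable = true;
      system.etc.overlay.mutable = false;

      # Prerequisites
      systemd.sysusers.enable = true;
      users.mutableUsers = false;
      boot.initrd.systemd.enable = true;
      boot.kernelPackages = pkgs.linuxPackages_latest;
      # Read back by the test script through the /etc/localtime symlink.
      time.timeZone = "Utc";

      # The standard resolvconf service tries to write to /etc and crashes,
      # which makes nixos-rebuild exit uncleanly when switching into the new generation
      services.resolved.enable = true;

      # A directory entry and a file entry; the test script mounts over both
      # before switching generations.
      environment.etc = {
        "mountpoint/.keep".text = "keep";
        "filemount".text = "keep";
      };

      # Each specialisation adds one /etc file, so a switch produces a visible
      # change in /etc.
      specialisation.new-generation.configuration = {
        environment.etc."newgen".text = "newgen";
      };
      specialisation.newer-generation.configuration = {
        environment.etc."newergen".text = "newergen";
      };
    };

  testScript = # python
    ''
      # Resolve the switch script up front, while /run/current-system still
      # points at the base system that carries both specialisations.
      newergen = machine.succeed("realpath /run/current-system/specialisation/newer-generation/bin/switch-to-configuration").rstrip()

      with subtest("/run/nixos-etc-metadata/ is mounted"):
          print(machine.succeed("mountpoint /run/nixos-etc-metadata"))

      with subtest("No temporary files leaked into stage 2"):
          machine.succeed("[ ! -e /etc-metadata-image ]")
          machine.succeed("[ ! -e /etc-basedir ]")

      with subtest("/etc is mounted as an overlay"):
          machine.succeed("findmnt --kernel --type overlay /etc")

      with subtest("/etc rejects writes"):
          # The mount type alone does not show that the overlay is read-only;
          # with mutable = false, creating a file directly in /etc must fail.
          machine.fail("touch /etc/write-probe")

      with subtest("direct symlinks point to the target without indirection"):
          assert machine.succeed("readlink -n /etc/localtime") == "/etc/zoneinfo/Utc"

      with subtest("/etc/mtab points to the right file"):
          assert "/proc/mounts" == machine.succeed("readlink --no-newline /etc/mtab")

      with subtest("Correct mode on the source password files"):
          # stat -c '%a' prints the permission bits in octal. passwd and group
          # stay world-readable; shadow and gshadow carry no permission bits at
          # all ("0"), so the password hashes are not readable by ordinary users.
          assert machine.succeed("stat -c '%a' /var/lib/nixos/etc/passwd") == "644\n"
          assert machine.succeed("stat -c '%a' /var/lib/nixos/etc/group") == "644\n"
          assert machine.succeed("stat -c '%a' /var/lib/nixos/etc/shadow") == "0\n"
          assert machine.succeed("stat -c '%a' /var/lib/nixos/etc/gshadow") == "0\n"

      with subtest("Password files are symlinks to /var/lib/nixos/etc"):
          # readlink -f resolves the whole chain, so these fail if any of the
          # account databases resolves to a location outside /var/lib/nixos/etc.
          assert machine.succeed("readlink -f /etc/passwd") == "/var/lib/nixos/etc/passwd\n"
          assert machine.succeed("readlink -f /etc/group") == "/var/lib/nixos/etc/group\n"
          assert machine.succeed("readlink -f /etc/shadow") == "/var/lib/nixos/etc/shadow\n"
          assert machine.succeed("readlink -f /etc/gshadow") == "/var/lib/nixos/etc/gshadow\n"

      with subtest("switching to the same generation"):
          machine.succeed("/run/current-system/bin/switch-to-configuration test")

      with subtest("the initrd didn't get rebuilt"):
          # test -ef is true only when both paths refer to the same file.
          machine.succeed("test /run/current-system/initrd -ef /run/current-system/specialisation/new-generation/initrd")

      with subtest("switching to a new generation"):
          machine.fail("stat /etc/newgen")

          # Put a tmpfs on a directory entry and a bind mount on a file entry
          # of /etc before switching.
          machine.succeed("mount -t tmpfs tmpfs /etc/mountpoint")
          machine.succeed("touch /etc/mountpoint/extra-file")
          machine.succeed("mount --bind /dev/null /etc/filemount")

          machine.succeed("/run/current-system/specialisation/new-generation/bin/switch-to-configuration switch")

          assert machine.succeed("cat /etc/newgen") == "newgen"

          # succeed() fails the test on a non-zero exit status, so each of
          # these also asserts that the mounts and the extra file are still
          # present after the switch.
          print(machine.succeed("findmnt /etc/mountpoint"))
          print(machine.succeed("ls /etc/mountpoint"))
          print(machine.succeed("stat /etc/mountpoint/extra-file"))
          print(machine.succeed("findmnt /etc/filemount"))

          machine.succeed(f"{newergen} switch")

          # The second switch must take effect in /etc as well.
          assert machine.succeed("cat /etc/newergen") == "newergen"

          # After two switches, no /run/nixos-etc.* directory may remain and
          # exactly one directory matching /run/nixos-etc-metadata.* must exist.
          tmpMounts = machine.succeed("find /run -maxdepth 1 -type d -regex '/run/nixos-etc\\..*'").rstrip()
          print(tmpMounts)
          metaMounts = machine.succeed("find /run -maxdepth 1 -type d -regex '/run/nixos-etc-metadata.*'").rstrip()
          print(metaMounts)

          numOfTmpMounts = len(tmpMounts.splitlines())
          numOfMetaMounts = len(metaMounts.splitlines())
          assert numOfTmpMounts == 0, f"Found {numOfTmpMounts} remaining tmpmounts"
          assert numOfMetaMounts == 1, f"Found {numOfMetaMounts} remaining metamounts"
    '';
}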