commit dab676b2d7bccee76d005ff1f8a9b01c21718c70 · pyrox.dev/nixpkgs

+12

nixos/doc/manual/development/writing-nixos-tests.xml

···

       362
       362
        
          </varlistentry>

     

       363
       363
        
          <varlistentry>

     

       364
       364
        
           <term>

     

       365
       365
       +
            <methodname>wait_for_console_text</methodname>

     

       366
       366
       +
           </term>

     

       367
       367
       +
           <listitem>

     

       368
       368
       +
            <para>

     

       369
       369
       +
             Wait until the supplied regular expressions match a line of the serial

     

       370
       370
       +
             console output. This method is useful when OCR is not possibile or

     

       371
       371
       +
             accurate enough.

     

       372
       372
       +
            </para>

     

       373
       373
       +
           </listitem>

     

       374
       374
       +
          </varlistentry>

     

       375
       375
       +
          <varlistentry>

     

       376
       376
       +
           <term>

     

       365
       377
        
            <methodname>wait_for_window</methodname>

     

       366
       378
        
           </term>

     

       367
       379
        
           <listitem>

+23

nixos/lib/test-driver/test-driver.py

···

       3
       3
        
       from queue import Queue, Empty

     

       4
       4
        
       from typing import Tuple, Any, Callable, Dict, Iterator, Optional, List

     

       5
       5
        
       from xml.sax.saxutils import XMLGenerator

     

       6
       6
       +
       import queue

     

       7
       7
       +
       import io

     

       6
       8
        
       import _thread

     

       7
       9
        
       import argparse

     

       8
       10
        
       import atexit

     
···

       672
       674
        
               with self.nested("waiting for {} to appear on screen".format(regex)):

     

       673
       675
        
                   retry(screen_matches)

     

       674
       676
        
       

     

       677
       677
       +
           def wait_for_console_text(self, regex: str) -> None:

     

       678
       678
       +
               self.log("waiting for {} to appear on console".format(regex))

     

       679
       679
       +
               # Buffer the console output, this is needed

     

       680
       680
       +
               # to match multiline regexes.

     

       681
       681
       +
               console = io.StringIO()

     

       682
       682
       +
               while True:

     

       683
       683
       +
                   try:

     

       684
       684
       +
                       console.write(self.last_lines.get())

     

       685
       685
       +
                   except queue.Empty:

     

       686
       686
       +
                       self.sleep(1)

     

       687
       687
       +
                       continue

     

       688
       688
       +
                   console.seek(0)

     

       689
       689
       +
                   matches = re.search(regex, console.read())

     

       690
       690
       +
                   if matches is not None:

     

       691
       691
       +
                       return

     

       692
       692
       +
       

     

       675
       693
        
           def send_key(self, key: str) -> None:

     

       676
       694
        
               key = CHAR_TO_KEY.get(key, key)

     

       677
       695
        
               self.send_monitor_command("sendkey {}".format(key))

     
···

       735
       753
        
               self.monitor, _ = self.monitor_socket.accept()

     

       736
       754
        
               self.shell, _ = self.shell_socket.accept()

     

       737
       755
        
       

     

       756
       756
       +
               # Store last serial console lines for use

     

       757
       757
       +
               # of wait_for_console_text

     

       758
       758
       +
               self.last_lines: Queue = Queue()

     

       759
       759
       +
       

     

       738
       760
        
               def process_serial_output() -> None:

     

       739
       761
        
                   assert self.process.stdout is not None

     

       740
       762
        
                   for _line in self.process.stdout:

     

       741
       763
        
                       # Ignore undecodable bytes that may occur in boot menus

     

       742
       764
        
                       line = _line.decode(errors="ignore").replace("\r", "").rstrip()

     

       765
       765
       +
                       self.last_lines.put(line)

     

       743
       766
        
                       eprint("{} # {}".format(self.name, line))

     

       744
       767
        
                       self.logger.enqueue({"msg": line, "machine": self.name})

     

       745
       768

+62

nixos/modules/system/boot/loader/grub/grub.nix

···

       55
       55
        
             storePath = config.boot.loader.grub.storePath;

     

       56
       56
        
             bootloaderId = if args.efiBootloaderId == null then "NixOS${efiSysMountPoint'}" else args.efiBootloaderId;

     

       57
       57
        
             timeout = if config.boot.loader.timeout == null then -1 else config.boot.loader.timeout;

     

       58
       58
       +
             users = if cfg.users == {} || cfg.version != 1 then cfg.users else throw "GRUB version 1 does not support user accounts.";

     

       58
       59
        
             inherit efiSysMountPoint;

     

       59
       60
        
             inherit (args) devices;

     

       60
       61
        
             inherit (efi) canTouchEfiVariables;

     
···

       135
       136
        
                 installed. Can be used instead of <literal>device</literal> to

     

       136
       137
        
                 install GRUB onto multiple devices.

     

       137
       138
        
               '';

     

       139
       139
       +
             };

     

       140
       140
       +
       

     

       141
       141
       +
             users = mkOption {

     

       142
       142
       +
               default = {};

     

       143
       143
       +
               example = {

     

       144
       144
       +
                 root = { hashedPasswordFile = "/path/to/file"; };

     

       145
       145
       +
               };

     

       146
       146
       +
               description = ''

     

       147
       147
       +
                 User accounts for GRUB. When specified, the GRUB command line and

     

       148
       148
       +
                 all boot options except the default are password-protected.

     

       149
       149
       +
                 All passwords and hashes provided will be stored in /boot/grub/grub.cfg,

     

       150
       150
       +
                 and will be visible to any local user who can read this file. Additionally,

     

       151
       151
       +
                 any passwords and hashes provided directly in a Nix configuration

     

       152
       152
       +
                 (as opposed to external files) will be copied into the Nix store, and

     

       153
       153
       +
                 will be visible to all local users.

     

       154
       154
       +
               '';

     

       155
       155
       +
               type = with types; attrsOf (submodule {

     

       156
       156
       +
                 options = {

     

       157
       157
       +
                   hashedPasswordFile = mkOption {

     

       158
       158
       +
                     example = "/path/to/file";

     

       159
       159
       +
                     default = null;

     

       160
       160
       +
                     type = with types; uniq (nullOr str);

     

       161
       161
       +
                     description = ''

     

       162
       162
       +
                       Specifies the path to a file containing the password hash

     

       163
       163
       +
                       for the account, generated with grub-mkpasswd-pbkdf2.

     

       164
       164
       +
                       This hash will be stored in /boot/grub/grub.cfg, and will

     

       165
       165
       +
                       be visible to any local user who can read this file.

     

       166
       166
       +
                     '';

     

       167
       167
       +
                   };

     

       168
       168
       +
                   hashedPassword = mkOption {

     

       169
       169
       +
                     example = "grub.pbkdf2.sha512.10000.674DFFDEF76E13EA...2CC972B102CF4355";

     

       170
       170
       +
                     default = null;

     

       171
       171
       +
                     type = with types; uniq (nullOr str);

     

       172
       172
       +
                     description = ''

     

       173
       173
       +
                       Specifies the password hash for the account,

     

       174
       174
       +
                       generated with grub-mkpasswd-pbkdf2.

     

       175
       175
       +
                       This hash will be copied to the Nix store, and will be visible to all local users.

     

       176
       176
       +
                     '';

     

       177
       177
       +
                   };

     

       178
       178
       +
                   passwordFile = mkOption {

     

       179
       179
       +
                     example = "/path/to/file";

     

       180
       180
       +
                     default = null;

     

       181
       181
       +
                     type = with types; uniq (nullOr str);

     

       182
       182
       +
                     description = ''

     

       183
       183
       +
                       Specifies the path to a file containing the

     

       184
       184
       +
                       clear text password for the account.

     

       185
       185
       +
                       This password will be stored in /boot/grub/grub.cfg, and will

     

       186
       186
       +
                       be visible to any local user who can read this file.

     

       187
       187
       +
                     '';

     

       188
       188
       +
                   };

     

       189
       189
       +
                   password = mkOption {

     

       190
       190
       +
                     example = "Pa$$w0rd!";

     

       191
       191
       +
                     default = null;

     

       192
       192
       +
                     type = with types; uniq (nullOr str);

     

       193
       193
       +
                     description = ''

     

       194
       194
       +
                       Specifies the clear text password for the account.

     

       195
       195
       +
                       This password will be copied to the Nix store, and will be visible to all local users.

     

       196
       196
       +
                     '';

     

       197
       197
       +
                   };

     

       198
       198
       +
                 };

     

       199
       199
       +
               });

     

       138
       200
        
             };

     

       139
       201
        
       

     

       140
       202
        
             mirroredBoots = mkOption {

+42 -3

nixos/modules/system/boot/loader/grub/install-grub.pl

···

       247
       247
        
       }

     

       248
       248
        
       

     

       249
       249
        
       else {

     

       250
       250
       +
           my @users = ();

     

       251
       251
       +
           foreach my $user ($dom->findnodes('/expr/attrs/attr[@name = "users"]/attrs/attr')) {

     

       252
       252
       +
               my $name = $user->findvalue('@name') or die;

     

       253
       253
       +
               my $hashedPassword = $user->findvalue('./attrs/attr[@name = "hashedPassword"]/string/@value');

     

       254
       254
       +
               my $hashedPasswordFile = $user->findvalue('./attrs/attr[@name = "hashedPasswordFile"]/string/@value');

     

       255
       255
       +
               my $password = $user->findvalue('./attrs/attr[@name = "password"]/string/@value');

     

       256
       256
       +
               my $passwordFile = $user->findvalue('./attrs/attr[@name = "passwordFile"]/string/@value');

     

       257
       257
       +
       

     

       258
       258
       +
               if ($hashedPasswordFile) {

     

       259
       259
       +
                   open(my $f, '<', $hashedPasswordFile) or die "Can't read file '$hashedPasswordFile'!";

     

       260
       260
       +
                   $hashedPassword = <$f>;

     

       261
       261
       +
                   chomp $hashedPassword;

     

       262
       262
       +
               }

     

       263
       263
       +
               if ($passwordFile) {

     

       264
       264
       +
                   open(my $f, '<', $passwordFile) or die "Can't read file '$passwordFile'!";

     

       265
       265
       +
                   $password = <$f>;

     

       266
       266
       +
                   chomp $password;

     

       267
       267
       +
               }

     

       268
       268
       +
       

     

       269
       269
       +
               if ($hashedPassword) {

     

       270
       270
       +
                   if (index($hashedPassword, "grub.pbkdf2.") == 0) {

     

       271
       271
       +
                       $conf .= "\npassword_pbkdf2 $name $hashedPassword";

     

       272
       272
       +
                   }

     

       273
       273
       +
                   else {

     

       274
       274
       +
                       die "Password hash for GRUB user '$name' is not valid!";

     

       275
       275
       +
                   }

     

       276
       276
       +
               }

     

       277
       277
       +
               elsif ($password) {

     

       278
       278
       +
                   $conf .= "\npassword $name $password";

     

       279
       279
       +
               }

     

       280
       280
       +
               else {

     

       281
       281
       +
                   die "GRUB user '$name' has no password!";

     

       282
       282
       +
               }

     

       283
       283
       +
               push(@users, $name);

     

       284
       284
       +
           }

     

       285
       285
       +
           if (@users) {

     

       286
       286
       +
               $conf .= "\nset superusers=\"" . join(' ',@users) . "\"\n";

     

       287
       287
       +
           }

     

       288
       288
       +
       

     

       250
       289
        
           if ($copyKernels == 0) {

     

       251
       290
        
               $conf .= "

     

       252
       291
        
                   " . $grubStore->search;

     
···

       350
       389
        
       }

     

       351
       390
        
       

     

       352
       391
        
       sub addEntry {

     

       353
       353
       -
           my ($name, $path) = @_;

     

       392
       392
       +
           my ($name, $path, $options) = @_;

     

       354
       393
        
           return unless -e "$path/kernel" && -e "$path/initrd";

     

       355
       394
        
       

     

       356
       395
        
           my $kernel = copyToKernelsDir(Cwd::abs_path("$path/kernel"));

     
···

       396
       435
        
               $conf .= "  " . ($xen ? "module" : "kernel") . " $kernel $kernelParams\n";

     

       397
       436
        
               $conf .= "  " . ($xen ? "module" : "initrd") . " $initrd\n\n";

     

       398
       437
        
           } else {

     

       399
       399
       -
               $conf .= "menuentry \"$name\" {\n";

     

       438
       438
       +
               $conf .= "menuentry \"$name\" " . ($options||"") . " {\n";

     

       400
       439
        
               $conf .= $grubBoot->search . "\n";

     

       401
       440
        
               if ($copyKernels == 0) {

     

       402
       441
        
                   $conf .= $grubStore->search . "\n";

     
···

       413
       452
        
       # Add default entries.

     

       414
       453
        
       $conf .= "$extraEntries\n" if $extraEntriesBeforeNixOS;

     

       415
       454
        
       

     

       416
       416
       -
       addEntry("NixOS - Default", $defaultConfig);

     

       455
       455
       +
       addEntry("NixOS - Default", $defaultConfig, "--unrestricted");

     

       417
       456
        
       

     

       418
       457
        
       $conf .= "$extraEntries\n" unless $extraEntriesBeforeNixOS;

     

       419
       458

nixos/tests/all-tests.nix

···

       126
       126
        
         grafana = handleTest ./grafana.nix {};

     

       127
       127
        
         graphite = handleTest ./graphite.nix {};

     

       128
       128
        
         graylog = handleTest ./graylog.nix {};

     

       129
       129
       +
         grub = handleTest ./grub.nix {};

     

       129
       130
        
         gvisor = handleTest ./gvisor.nix {};

     

       130
       131
        
         hadoop.hdfs = handleTestOn [ "x86_64-linux" ] ./hadoop/hdfs.nix {};

     

       131
       132
        
         hadoop.yarn = handleTestOn [ "x86_64-linux" ] ./hadoop/yarn.nix {};

+60

nixos/tests/grub.nix

···

       1
       1
       +
       import ./make-test-python.nix ({ lib, ... }: {

     

       2
       2
       +
         name = "grub";

     

       3
       3
       +
       

     

       4
       4
       +
         meta = with lib.maintainers; {

     

       5
       5
       +
           maintainers = [ rnhmjoj ];

     

       6
       6
       +
         };

     

       7
       7
       +
       

     

       8
       8
       +
         machine = { ... }: {

     

       9
       9
       +
           virtualisation.useBootLoader = true;

     

       10
       10
       +
       

     

       11
       11
       +
           boot.loader.timeout = null;

     

       12
       12
       +
           boot.loader.grub = {

     

       13
       13
       +
             enable = true;

     

       14
       14
       +
             users.alice.password = "supersecret";

     

       15
       15
       +
       

     

       16
       16
       +
             # OCR is not accurate enough

     

       17
       17
       +
             extraConfig = "serial; terminal_output serial";

     

       18
       18
       +
           };

     

       19
       19
       +
         };

     

       20
       20
       +
       

     

       21
       21
       +
         testScript = ''

     

       22
       22
       +
           def grub_login_as(user, password):

     

       23
       23
       +
               """

     

       24
       24
       +
               Enters user and password to log into GRUB

     

       25
       25
       +
               """

     

       26
       26
       +
               machine.wait_for_console_text("Enter username:")

     

       27
       27
       +
               machine.send_chars(user + "\n")

     

       28
       28
       +
               machine.wait_for_console_text("Enter password:")

     

       29
       29
       +
               machine.send_chars(password + "\n")

     

       30
       30
       +
       

     

       31
       31
       +
       

     

       32
       32
       +
           def grub_select_all_configurations():

     

       33
       33
       +
               """

     

       34
       34
       +
               Selects "All configurations" from the GRUB menu

     

       35
       35
       +
               to trigger a login request.

     

       36
       36
       +
               """

     

       37
       37
       +
               machine.send_monitor_command("sendkey down")

     

       38
       38
       +
               machine.send_monitor_command("sendkey ret")

     

       39
       39
       +
       

     

       40
       40
       +
       

     

       41
       41
       +
           machine.start()

     

       42
       42
       +
       

     

       43
       43
       +
           # wait for grub screen

     

       44
       44
       +
           machine.wait_for_console_text("GNU GRUB")

     

       45
       45
       +
       

     

       46
       46
       +
           grub_select_all_configurations()

     

       47
       47
       +
           with subtest("Invalid credentials are rejected"):

     

       48
       48
       +
               grub_login_as("wronguser", "wrongsecret")

     

       49
       49
       +
               machine.wait_for_console_text("error: access denied.")

     

       50
       50
       +
       

     

       51
       51
       +
           grub_select_all_configurations()

     

       52
       52
       +
           with subtest("Valid credentials are accepted"):

     

       53
       53
       +
               grub_login_as("alice", "supersecret")

     

       54
       54
       +
               machine.send_chars("\n")  # press enter to boot

     

       55
       55
       +
               machine.wait_for_console_text("Linux version")

     

       56
       56
       +
       

     

       57
       57
       +
           with subtest("Machine boots correctly"):

     

       58
       58
       +
               machine.wait_for_unit("multi-user.target")

     

       59
       59
       +
         '';

     

       60
       60
       +
       })