Fix tests work with the NixOS 23.05 test driver, fix translation step of managed-process units, fix s6-rc deployments in Docker containers

2023-09-19 00:49:28 +02:00 · 2023-09-19 00:49:28 +02:00 · f0dab5bcef
parent 78ba5f6b1f
commit f0dab5bcef
14 changed files with 97 additions and 24 deletions
--- a/nixproc/create-image-from-steps/steps/basic.nix
+++ b/nixproc/create-image-from-steps/steps/basic.nix
@ -12,7 +12,7 @@ result // {
    ln -s ../run /var/run

    # Always create nobody/nogroup
-    groupadd -g 65534 -r nogroup
-    useradd -u 65534 -r nobody -g nogroup -d /dev/null
+    groupadd -g 999 -r nogroup
+    useradd -u 999 -r nobody -g nogroup -d /dev/null
  '';
 }
--- a/nixproc/create-image-from-steps/steps/su-pam.nix
+++ b/nixproc/create-image-from-steps/steps/su-pam.nix
@ -2,8 +2,6 @@

 result // {
  runAsRoot = result.runAsRoot or "" + ''
-    ${pkgs.gnused}/bin/sed -i -e "s/CREATE_MAIL_SPOOL=yes/CREATE_MAIL_SPOOL=no/" /etc/default/useradd
-
    mkdir -p /etc/pam.d
    cat > /etc/pam.d/su <<EOF
    account required pam_unix.so
@ -15,6 +13,20 @@ result // {
    EOF

    sed -i -e "s|PATH=/bin:/usr/bin|PATH=/bin:/usr/bin:/nix/var/nix/profiles/default/bin|" /etc/login.defs
+
+    cat > /etc/nsswitch.conf <<EOF
+    passwd:    files
+    group:     files [success=merge]
+    shadow:    files
+
+    hosts:     mymachines files myhostname dns
+    networks:  files
+
+    ethers:    files
+    services:  files
+    protocols: files
+    rpc:       files
+    EOF
  '';

  contents = result.contents or [] ++ [ pkgs.su pkgs.shadow ];
--- a/nixproc/create-managed-process/agnostic/create-managed-process-from-config.nix
+++ b/nixproc/create-managed-process/agnostic/create-managed-process-from-config.nix
@ -17,9 +17,22 @@ let
        inherit pkgs stateDir runtimeDir logDir tmpDir forceDisableUserChange processManager;
      };

-      properties = builtins.fromJSON (builtins.readFile configFile);
+      configFileString = builtins.readFile configFile;

-      normalizedProperties = properties // pkgs.lib.optionalAttrs (properties ? dependencies) {
+      properties = builtins.fromJSON (builtins.unsafeDiscardStringContext configFileString);
+
+      # This attribute is a hack. It readds the dependencies of the JSON file as context to a frequently used string property so that the generated configuration artifact retains the runtime dependencies of the original JSON file.
+      # This hack is needed because builtins.fromJSON can't work with strings that have context.
+
+      propertiesWithContext = properties // pkgs.lib.optionalAttrs (properties ? process) {
+        process = pkgs.lib.addContextFrom configFileString properties.process;
+      } // pkgs.lib.optionalAttrs (properties ? foregroundProcess) {
+        foregroundProcess = pkgs.lib.addContextFrom configFileString properties.foregroundProcess;
+      } // pkgs.lib.optionalAttrs (properties ? daemon) {
+        daemon = pkgs.lib.addContextFrom configFileString properties.daemon;
+      };
+
+      normalizedProperties = propertiesWithContext // pkgs.lib.optionalAttrs (properties ? dependencies) {
        dependencies = map (dependency: createManagedProcessFromConfig "${dependency}/${builtins.substring 33 (builtins.stringLength dependency) (baseNameOf dependency)}.json") properties.dependencies;
      };
    in
--- a/tests/multi-process-images.nix
+++ b/tests/multi-process-images.nix
@ -28,13 +28,15 @@ let
  env = "NIX_PATH=nixpkgs=${nixpkgs} SYSTEMD_TARGET_DIR=/etc/systemd-mutable/system";
 in
 makeTest {
-  machine =
+  name = "multi-process-images";
+
+  nodes.machine =
    {pkgs, ...}:

    {
      virtualisation.additionalPaths = [ pkgs.stdenv ] ++ pkgs.coreutils.all ++ [ dockerProcessEnv ];
      virtualisation.writableStore = true;
-      virtualisation.diskSize = 4096;
+      virtualisation.diskSize = 8192;
      virtualisation.memorySize = 8192;

      dysnomia = {
@ -57,7 +59,7 @@ makeTest {
    # Deploy Docker as a systemd unit

    machine.succeed(
-        "${env} nixproc-systemd-switch ${nix-processmgmt}/tests/processes-docker.nix"
+        "${env} nixproc-systemd-switch ${nix-processmgmt}/nixproc/backends/docker/test-module/processes-docker.nix"
    )

    machine.wait_for_unit("nix-process-docker")
--- a/tests/webapps-agnostic-config.nix
+++ b/tests/webapps-agnostic-config.nix
@ -22,11 +22,13 @@ let
  env = "NIX_PATH=nixpkgs=${nixpkgs}";
 in
 makeTest {
-  machine =
+  name = "webapps-agnostic-config";
+
+  nodes.machine =
    {pkgs, ...}:

    {
-      virtualisation.additionalPaths = [ pkgs.stdenv ] ++ pkgs.coreutils.all ++ [
+      virtualisation.additionalPaths = [ pkgs.stdenv pkgs.stdenvNoCC ] ++ pkgs.coreutils.all ++ [
        webappUnprivilegedAutoModeConfig
        webappUnprivilegedAutoModeSysvinit
      ];
--- a/tests/webapps-agnostic-disnix.nix
+++ b/tests/webapps-agnostic-disnix.nix
@ -49,11 +49,20 @@ let
  env = "NIX_PATH=nixpkgs=${nixpkgs} DISNIX_DATA_DIR=${disnixDataDir}";
 in
 makeTest {
-  machine =
+  name = "webapps-agnostic-disnix";
+
+  nodes.machine =
    {pkgs, ...}:

    {
-      virtualisation.additionalPaths = [ pkgs.stdenv ] ++ pkgs.coreutils.all ++ [ processesEnvForeground processesEnvDaemon processesEnvAuto processesEnvAdvanced processesEnvNoUserChange processesEnvEmpty ];
+      virtualisation.additionalPaths = [ pkgs.stdenv ] ++ pkgs.coreutils.all ++ [
+        processesEnvForeground
+        processesEnvDaemon
+        processesEnvAuto
+        processesEnvAdvanced
+        processesEnvNoUserChange
+        processesEnvEmpty
+      ];
      virtualisation.writableStore = true;
      virtualisation.memorySize = 1024;

--- a/tests/webapps-agnostic-docker.nix
+++ b/tests/webapps-agnostic-docker.nix
@ -7,7 +7,6 @@ let

  dockerProcessEnv = import ../nixproc/backends/systemd/build-systemd-env.nix {
    exprFile = ../nixproc/backends/docker/test-module/processes-docker.nix;
-    inherit stateDir;
  };

  processesEnvForeground = import ../nixproc/backends/docker/build-docker-env.nix {
@ -56,11 +55,21 @@ let
  env = "NIX_PATH=nixpkgs=${nixpkgs} SYSTEMD_TARGET_DIR=/etc/systemd-mutable/system";
 in
 makeTest {
-  machine =
+  name = "webapps-agnostic-docker";
+
+  nodes.machine =
    {pkgs, ...}:

    {
-      virtualisation.additionalPaths = [ pkgs.stdenv ] ++ pkgs.coreutils.all ++ [ dockerProcessEnv processesEnvForeground processesEnvDaemon processesEnvAuto processesEnvAdvanced processesEnvUnprivileged processesEnvEmpty ];
+      virtualisation.additionalPaths = [ pkgs.stdenv ] ++ pkgs.coreutils.all ++ [
+        dockerProcessEnv
+        processesEnvForeground
+        processesEnvDaemon
+        processesEnvAuto
+        processesEnvAdvanced
+        processesEnvUnprivileged
+        processesEnvEmpty
+      ];
      virtualisation.writableStore = true;
      virtualisation.memorySize = 8192;
      virtualisation.diskSize = 4096;
--- a/tests/webapps-agnostic-s6-rc.nix
+++ b/tests/webapps-agnostic-s6-rc.nix
@ -45,7 +45,9 @@ let
  env = "NIX_PATH=nixpkgs=${nixpkgs} SYSTEMD_TARGET_DIR=/etc/systemd-mutable/system";
 in
 makeTest {
-  machine =
+  name = "webapps-agnostic-s6-rc";
+
+  nodes.machine =
    {pkgs, ...}:

    {
--- a/tests/webapps-agnostic-supervisord-stateless.nix
+++ b/tests/webapps-agnostic-supervisord-stateless.nix
@ -14,7 +14,9 @@ let
  env = "NIX_PATH=nixpkgs=${nixpkgs}";
 in
 makeTest {
-  machine =
+  name = "webapps-agnostic-supervisord-stateless";
+
+  nodes.machine =
    {pkgs, ...}:

    {
--- a/tests/webapps-agnostic-supervisord.nix
+++ b/tests/webapps-agnostic-supervisord.nix
@ -45,7 +45,9 @@ let
  env = "NIX_PATH=nixpkgs=${nixpkgs} SYSTEMD_TARGET_DIR=/etc/systemd-mutable/system SUPERVISORD_CONF_DIR=/var/lib/supervisord";
 in
 makeTest {
-  machine =
+  name = "webapps-agnostic-supervisord";
+
+  nodes.machine =
    {pkgs, ...}:

    {
--- a/tests/webapps-agnostic-systemd-user.nix
+++ b/tests/webapps-agnostic-systemd-user.nix
@ -22,7 +22,9 @@ let
  env = "NIX_PATH=nixpkgs=${nixpkgs} XDG_RUNTIME_DIR=/run/user/1000";
 in
 makeTest {
-  machine =
+  name = "webapps-agnostic-systemd-user";
+
+  nodes.machine =
    {pkgs, lib, ...}:

    {
--- a/tests/webapps-agnostic-systemd.nix
+++ b/tests/webapps-agnostic-systemd.nix
@ -25,6 +25,11 @@ let
    exprFile = ../examples/webapps-agnostic/processes-advanced.nix;
  };

+  processesEnvUnprivileged = import ../nixproc/backends/systemd/build-systemd-env.nix {
+    exprFile = ../examples/webapps-agnostic/processes.nix;
+    forceDisableUserChange = true;
+  };
+
  processesEnvEmpty = import ../nixproc/backends/systemd/build-systemd-env.nix {
    exprFile = null;
  };
@ -36,11 +41,20 @@ let
  env = "NIX_PATH=nixpkgs=${nixpkgs} SYSTEMD_TARGET_DIR=/etc/systemd-mutable/system";
 in
 makeTest {
-  machine =
+  name = "webapps-agnostic-systemd";
+
+  nodes.machine =
    {pkgs, ...}:

    {
-      virtualisation.additionalPaths = [ pkgs.stdenv ] ++ pkgs.coreutils.all ++ [ processesEnvForeground processesEnvDaemon processesEnvAuto processesEnvAdvanced processesEnvEmpty ];
+      virtualisation.additionalPaths = [ pkgs.stdenv ] ++ pkgs.coreutils.all ++ [
+        processesEnvForeground
+        processesEnvDaemon
+        processesEnvAuto
+        processesEnvAdvanced
+        processesEnvUnprivileged
+        processesEnvEmpty
+      ];
      virtualisation.writableStore = true;
      virtualisation.memorySize = 1024;

--- a/tests/webapps-agnostic-sysvinit.nix
+++ b/tests/webapps-agnostic-sysvinit.nix
@ -61,7 +61,9 @@ let
  env = "NIX_PATH=nixpkgs=${nixpkgs}";
 in
 makeTest {
-  machine =
+  name = "webapps-agnostic-sysvinit";
+
+  nodes.machine =
    {pkgs, ...}:

    {
--- a/tests/webapps-sysvinit.nix
+++ b/tests/webapps-sysvinit.nix
@ -45,7 +45,9 @@ let
  env = "NIX_PATH=nixpkgs=${nixpkgs}";
 in
 makeTest {
-  machine =
+  name = "webapps-sysvinit";
+
+  nodes.machine =
    {pkgs, ...}:

    {