From f08b8d6cfabc0ebd47c2ad90e7080619facc1106 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Mon, 10 Oct 2022 08:05:47 +0200 Subject: [PATCH] nixosTests.nscd: test unscd as well This shows that external nss module resolution is broken with unscd. --- nixos/tests/nscd.nix | 143 ++++++++++++++++++++++++++----------------- 1 file changed, 86 insertions(+), 57 deletions(-) diff --git a/nixos/tests/nscd.nix b/nixos/tests/nscd.nix index f9c9fb10e0bd..e3daf31f6dc1 100644 --- a/nixos/tests/nscd.nix +++ b/nixos/tests/nscd.nix @@ -14,80 +14,109 @@ in { name = "nscd"; - nodes.machine = { lib, ... }: { + nodes.machine = { pkgs, ... }: { imports = [ common/user-account.nix ]; networking.extraHosts = '' 2001:db8::1 somehost.test 192.0.2.1 somehost.test ''; + + specialisation = { + withUnscd.configuration = { ... }: { + services.nscd.package = pkgs.unscd; + }; + }; }; - testScript = '' - start_all() - machine.wait_for_unit("default.target") + testScript = { nodes, ... }: + let + specialisations = "${nodes.machine.system.build.toplevel}/specialisation"; + in + '' + # Regression test for https://github.com/NixOS/nixpkgs/issues/50273 + def test_dynamic_user(): + with subtest("DynamicUser actually allocates a user"): + assert "iamatest" in machine.succeed( + "systemd-run --pty --property=Type=oneshot --property=DynamicUser=yes --property=User=iamatest whoami" + ) - # Regression test for https://github.com/NixOS/nixpkgs/issues/50273 - with subtest("DynamicUser actually allocates a user"): - assert "iamatest" in machine.succeed( - "systemd-run --pty --property=Type=oneshot --property=DynamicUser=yes --property=User=iamatest whoami" - ) + # Test resolution of somehost.test with getent', to make sure we go via nscd + def test_host_lookups(): + with subtest("host lookups via nscd"): + # ahosts + output = machine.succeed("${getent'} ahosts somehost.test") + assert "192.0.2.1" in output + assert "2001:db8::1" in output - # Test resolution of somehost.test with getent', to make sure we go via nscd - with subtest("host lookups via nscd"): - # ahosts - output = machine.succeed("${getent'} ahosts somehost.test") - assert "192.0.2.1" in output - assert "2001:db8::1" in output + # ahostsv4 + output = machine.succeed("${getent'} ahostsv4 somehost.test") + assert "192.0.2.1" in output + assert "2001:db8::1" not in output - # ahostsv4 - output = machine.succeed("${getent'} ahostsv4 somehost.test") - assert "192.0.2.1" in output - assert "2001:db8::1" not in output + # ahostsv6 + output = machine.succeed("${getent'} ahostsv6 somehost.test") + assert "192.0.2.1" not in output + assert "2001:db8::1" in output - # ahostsv6 - output = machine.succeed("${getent'} ahostsv6 somehost.test") - assert "192.0.2.1" not in output - assert "2001:db8::1" in output + # reverse lookups (hosts) + assert "somehost.test" in machine.succeed("${getent'} hosts 2001:db8::1") + assert "somehost.test" in machine.succeed("${getent'} hosts 192.0.2.1") - # reverse lookups (hosts) - assert "somehost.test" in machine.succeed("${getent'} hosts 2001:db8::1") - assert "somehost.test" in machine.succeed("${getent'} hosts 192.0.2.1") + # Test host resolution via nss modules works + # We rely on nss-myhostname in this case, which resolves *.localhost and + # _gateway. + # We don't need to use getent' here, as non-glibc nss modules can only be + # discovered via nscd. + def test_nss_myhostname(): + with subtest("nss-myhostname provides hostnames (ahosts)"): + # ahosts + output = machine.succeed("getent ahosts foobar.localhost") + assert "::1" in output + assert "127.0.0.1" in output + # ahostsv4 + output = machine.succeed("getent ahostsv4 foobar.localhost") + assert "::1" not in output + assert "127.0.0.1" in output - # Test host resolution via nss modules works - # We rely on nss-myhostname in this case, which resolves *.localhost and - # _gateway. - # We don't need to use getent' here, as non-glibc nss modules can only be - # discovered via nscd. - with subtest("nss-myhostname provides hostnames (ahosts)"): - # ahosts - output = machine.succeed("getent ahosts foobar.localhost") - assert "::1" in output - assert "127.0.0.1" in output + # ahostsv6 + output = machine.succeed("getent ahostsv6 foobar.localhost") + assert "::1" in output + assert "127.0.0.1" not in output - # ahostsv4 - output = machine.succeed("getent ahostsv4 foobar.localhost") - assert "::1" not in output - assert "127.0.0.1" in output + # ahosts + output = machine.succeed("getent ahosts _gateway") - # ahostsv6 - output = machine.succeed("getent ahostsv6 foobar.localhost") - assert "::1" in output - assert "127.0.0.1" not in output + # returns something like the following: + # 10.0.2.2 STREAM _gateway + # 10.0.2.2 DGRAM + # 10.0.2.2 RAW + # fe80::2 STREAM + # fe80::2 DGRAM + # fe80::2 RAW - # ahosts - output = machine.succeed("getent ahosts _gateway") + # Verify we see both ip addresses + assert "10.0.2.2" in output + assert "fe80::2" in output - # returns something like the following: - # 10.0.2.2 STREAM _gateway - # 10.0.2.2 DGRAM - # 10.0.2.2 RAW - # fe80::2 STREAM - # fe80::2 DGRAM - # fe80::2 RAW + start_all() + machine.wait_for_unit("default.target") - # Verify we see both ip addresses - assert "10.0.2.2" in output - assert "fe80::2" in output - ''; + # Test all tests with glibc-nscd. + test_dynamic_user() + test_host_lookups() + test_nss_myhostname() + + with subtest("unscd"): + machine.succeed('${specialisations}/withUnscd/bin/switch-to-configuration test') + machine.wait_for_unit("default.target") + + # known to fail, unscd doesn't load external NSS modules + # test_dynamic_user() + + test_host_lookups() + + # known to fail, unscd doesn't load external NSS modules + # test_nss_myhostname() + ''; })