author | 06kellyjac <dev@j-k.io> | 2022-10-02 11:43:54 +0100 |
---|---|---|
committer | 06kellyjac <dev@j-k.io> | 2022-10-02 11:45:08 +0100 |
commit | 1a90756aa752aef6d6910eaac29b8e8d7e0f99de (patch) | |
tree | f9f758954402e45d428037b88c7c023faf8d3a20 /nixos/tests/tracee.nix | |
parent | 5745e1a01dd9b4f6b2f56ca4b708291d143fc2d6 (diff) |
tracee: 0.7.0 -> 0.8.3
Also simplified the package since after #176152 the tracee build process can now pass in a -target of bpf without weird overrides
Diffstat (limited to 'nixos/tests/tracee.nix')
-rw-r--r-- | nixos/tests/tracee.nix | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/nixos/tests/tracee.nix b/nixos/tests/tracee.nix
new file mode 100644
index 0000000000000..26d0ada931b1c
--- /dev/null
+++ b/nixos/tests/tracee.nix
@@ -0,0 +1,46 @@
+import ./make-test-python.nix ({ pkgs, ... }: {
+ name = "tracee-integration";
+ nodes = {
+ machine = { config, pkgs, ... }: {
+ # EventFilters/trace_only_events_from_new_containers requires docker
+ # podman with docker compat will suffice
+ virtualisation.podman.enable = true;
+ virtualisation.podman.dockerCompat = true;
+
+ environment.systemPackages = [
+ # build the go integration tests as a binary
+ (pkgs.tracee.overrideAttrs (oa: {
+ pname = oa.pname + "-integration";
+ patches = oa.patches or [] ++ [
+ # change the prefix from /usr/bin to /run to find nix processes
+ ../../pkgs/tools/security/tracee/test-EventFilters-prefix-nix-friendly.patch
+ # skip magic_write test that currently fails
+ ../../pkgs/tools/security/tracee/test-EventFilters-magic_write-skip.patch
+ ];
+ buildPhase = ''
+ runHook preBuild
+ # just build the static lib we need for the go test binary
+ make $makeFlags ''${enableParallelBuilding:+-j$NIX_BUILD_CORES -l$NIX_BUILD_CORES} bpf-core ./dist/btfhub ./dist/libbpf/libbpf.a
+ # then compile the tests to be ran later
+ CGO_CFLAGS="-I$PWD/dist/libbpf" CGO_LDFLAGS="-lelf -lz $PWD/dist/libbpf/libbpf.a" go test -tags core,ebpf,integration -p 1 -c -o $GOPATH/tracee-integration ./tests/integration/...
+ runHook postBuild
+ '';
+ doCheck = false;
+ installPhase = ''
+ mkdir -p $out/bin
+ cp $GOPATH/tracee-integration $out/bin
+ '';
+ doInstallCheck = false;
+ }))
+ ];
+ };
+ };
+
+ testScript = ''
+ with subtest("run integration tests"):
+ # EventFilters/trace_only_events_from_new_containers also requires a container called "alpine"
+ machine.succeed('tar cv -C ${pkgs.pkgsStatic.busybox} . | podman import - alpine --change ENTRYPOINT=sleep')
+
+ print(machine.succeed('TRC_BIN="${pkgs.tracee}" tracee-integration -test.v'))
+ '';
+})
|
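Review bot: The comment above the second entry in `patches` says only that the magic_write test "currently fails", giving no cause and no tracking reference, so this gap in the event-filter coverage of a runtime detection tool can outlive the reason for it unnoticed. I would expand it to something like `# skip magic_write: fails in the NixOS test VM (<reason>), tracked in <UPSTREAM_ISSUE_URL>; drop this patch once it passes`, with the placeholders filled in by the author. Separately, `TRC_BIN="${pkgs.tracee}"` in `testScript` passes a store-path prefix rather than an executable path; that is presumably what the prefix patch expects, but the patch is not visible here, so a short comment such as `# TRC_BIN is the package prefix; the patched tests resolve the binary under it` would confirm the intent.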