diff options
| author | Dominique Martinet <asmadeus@codewreck.org> | 2022-03-02 22:12:45 +0900 |
|---|---|---|
| committer | Dominique Martinet <asmadeus@codewreck.org> | 2022-04-01 07:09:27 +0900 |
| commit | 45ef5c174113c9133250dab82d629d7ab5cdc01b (patch) | |
| tree | ea0985a4314593ef2913811792f63443479503fe /nixos/tests | |
| parent | e92c05349c6053df22cf21eb9f424251ba2b114f (diff) | |
logrotate: add configuration check at build time
Now the service no longer starts immediately,
check if the config we generated makes sense as soon as possible.
The check isn't perfect because logrotate --debug wants to check
users required, there are two problems:
- /etc/passwd and /etc/group are sandboxed and we don't have
visibility of system users
- the check phase runs as nixbld which cannot su to other users
and logrotate fails on this
Until these two problems can be addressed, users-related checks
are filtered out, it's still much better than no check.
The check can be disabled with services.logrotate.checkConfig
if required
(bird also has a preCheck param, to prepare the environment
before check, but we can add it if it becomes necessary)
Since this makes for very verbose builds, we only show errors:
There is no way to control log level, but logrotate hardcodes
'error:' at common log level, so we can use grep, taking care
to keep error codes
Some manual tests:
───────┬──────────────────────────────────────────
│ File: valid-config.conf
───────┼──────────────────────────────────────────
1 │ missingok
───────┴──────────────────────────────────────────
logrotate --debug ok
grep ok
───────┬──────────────────────────────────────────
│ File: postrotate-no-end.conf
───────┼──────────────────────────────────────────
1 │ missingok
2 │ /file {
3 │ postrotate
4 │ test
5 │ }
───────┴──────────────────────────────────────────
error: postrotate-no-end.conf:prerotate, postrotate or preremove without endscript
───────┬──────────────────────────────────────────
│ File: missing-file.conf
───────┼──────────────────────────────────────────
1 │ "test" { daily }
───────┴──────────────────────────────────────────
error: stat of test failed: No such file or directory
───────┬──────────────────────────────────────────
│ File: unknown-option.conf
───────┼──────────────────────────────────────────
1 │ some syntax error
───────┴──────────────────────────────────────────
logrotate --debug ok
error: unknown-option.conf:1 unknown option 'some' -- ignoring line
───────┬──────────────────────────────────────────
│ File: unknown-user.conf
───────┼──────────────────────────────────────────
1 │ su notauser notagroup
───────┴──────────────────────────────────────────
error: unknown-user.conf:1 unknown user 'notauser'
In particular note that logrotate would not error on unknown option
(it just ignores the line) but this change makes the check fail.
Diffstat (limited to 'nixos/tests')
| -rw-r--r-- | nixos/tests/logrotate.nix | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/nixos/tests/logrotate.nix b/nixos/tests/logrotate.nix index 3087119c339f9..31592f0a39c58 100644 --- a/nixos/tests/logrotate.nix +++ b/nixos/tests/logrotate.nix @@ -40,6 +40,14 @@ import ./make-test-python.nix ({ pkgs, ... }: rec { postrotate = { postrotate = "touch /dev/null"; }; + # check checkConfig works as expected: there is nothing to check here + # except that the file build passes + checkConf = { + su = "root utmp"; + createolddir = "0750 root utmp"; + create = "root utmp"; + "create " = "0750 root utmp"; + }; # multiple paths should be aggregated multipath = { files = [ "file1" "file2" ]; |