diff options
author | Dominique Martinet <asmadeus@codewreck.org> | 2022-03-02 22:12:45 +0900 |
---|---|---|
committer | Dominique Martinet <asmadeus@codewreck.org> | 2022-04-01 07:09:27 +0900 |
commit | 45ef5c174113c9133250dab82d629d7ab5cdc01b (patch) | |
tree | ea0985a4314593ef2913811792f63443479503fe /nixos/tests | |
parent | e92c05349c6053df22cf21eb9f424251ba2b114f (diff) |
logrotate: add configuration check at build time
Now the service no longer starts immediately, check if the config we generated makes sense as soon as possible. The check isn't perfect because logrotate --debug wants to check users required, there are two problems: - /etc/passwd and /etc/group are sandboxed and we don't have visibility of system users - the check phase runs as nixbld which cannot su to other users and logrotate fails on this Until these two problems can be addressed, users-related checks are filtered out, it's still much better than no check. The check can be disabled with services.logrotate.checkConfig if required (bird also has a preCheck param, to prepare the environment before check, but we can add it if it becomes necessary) Since this makes for very verbose builds, we only show errors: There is no way to control log level, but logrotate hardcodes 'error:' at common log level, so we can use grep, taking care to keep error codes Some manual tests: ───────┬────────────────────────────────────────── │ File: valid-config.conf ───────┼────────────────────────────────────────── 1 │ missingok ───────┴────────────────────────────────────────── logrotate --debug ok grep ok ───────┬────────────────────────────────────────── │ File: postrotate-no-end.conf ───────┼────────────────────────────────────────── 1 │ missingok 2 │ /file { 3 │ postrotate 4 │ test 5 │ } ───────┴────────────────────────────────────────── error: postrotate-no-end.conf:prerotate, postrotate or preremove without endscript ───────┬────────────────────────────────────────── │ File: missing-file.conf ───────┼────────────────────────────────────────── 1 │ "test" { daily } ───────┴────────────────────────────────────────── error: stat of test failed: No such file or directory ───────┬────────────────────────────────────────── │ File: unknown-option.conf ───────┼────────────────────────────────────────── 1 │ some syntax error ───────┴────────────────────────────────────────── logrotate --debug ok error: unknown-option.conf:1 unknown option 'some' -- ignoring line ───────┬────────────────────────────────────────── │ File: unknown-user.conf ───────┼────────────────────────────────────────── 1 │ su notauser notagroup ───────┴────────────────────────────────────────── error: unknown-user.conf:1 unknown user 'notauser' In particular note that logrotate would not error on unknown option (it just ignores the line) but this change makes the check fail.
Diffstat (limited to 'nixos/tests')
-rw-r--r-- | nixos/tests/logrotate.nix | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/nixos/tests/logrotate.nix b/nixos/tests/logrotate.nix index 3087119c339f9..31592f0a39c58 100644 --- a/nixos/tests/logrotate.nix +++ b/nixos/tests/logrotate.nix @@ -40,6 +40,14 @@ import ./make-test-python.nix ({ pkgs, ... }: rec { postrotate = { postrotate = "touch /dev/null"; }; + # check checkConfig works as expected: there is nothing to check here + # except that the file build passes + checkConf = { + su = "root utmp"; + createolddir = "0750 root utmp"; + create = "root utmp"; + "create " = "0750 root utmp"; + }; # multiple paths should be aggregated multipath = { files = [ "file1" "file2" ]; |