author | Janne Heß <janne@hess.ooo> | 2021-11-06 19:34:53 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-11-06 19:34:53 +0100 |
commit | f96b3d468efe1496db623f1b106613c8fd6fc0ad (patch) | |
tree | a74f83ea5b1c9df9ac04236abd60e7fc03817893 /pkgs/tools/networking/openssh | |
parent | 64baf2593dedfef31548b6279c8923e77782652b (diff) | |
parent | 85c63a515d21c8fa27a561a9b8a1db5b18118e39 (diff) |
Merge pull request #140317 from risicle/ris-openssh-tests
Diffstat (limited to 'pkgs/tools/networking/openssh')
-rw-r--r-- | pkgs/tools/networking/openssh/common.nix | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/pkgs/tools/networking/openssh/common.nix b/pkgs/tools/networking/openssh/common.nix
index fefa80b9c4f6b..ad807c9159796 100644
--- a/pkgs/tools/networking/openssh/common.nix
+++ b/pkgs/tools/networking/openssh/common.nix
@@ -18,10 +18,12 @@
 , libedit
 , pkg-config
 , pam
+, libredirect
 , etcDir ? null
 , withKerberos ? !(stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64)
 , libkrb5
 , libfido2
+, hostname
 , nixosTests
 , withFIDO ? stdenv.hostPlatform.isUnix && !stdenv.hostPlatform.isMusl
 , linkOpenssl ? true
@@ -100,6 +102,58 @@ stdenv.mkDerivation rec { hardeningEnable = [ "pie" ]; + doCheck = true; + checkInputs = optional (!stdenv.isDarwin) hostname; + preCheck = '' + # construct a dummy HOME + export HOME=$(realpath ../dummy-home) + mkdir -p ~/.ssh + + # construct a dummy /etc/passwd file for the sshd under test + # to use to look up the connecting user + DUMMY_PASSWD=$(realpath ../dummy-passwd) + cat > $DUMMY_PASSWD <<EOF + $(whoami)::$(id -u):$(id -g)::$HOME:$SHELL + EOF + + # we need to NIX_REDIRECTS /etc/passwd both for processes + # invoked directly and those invoked by the "remote" session + cat > ~/.ssh/environment.base <<EOF + NIX_REDIRECTS=/etc/passwd=$DUMMY_PASSWD + LD_PRELOAD=${libredirect}/lib/libredirect.so + EOF + + # use an ssh environment file to ensure environment is set + # up appropriately for build environment even when no shell + # is invoked by the ssh session. otherwise the PATH will + # only contain default unix paths like /bin which we don't + # have in our build environment + cat - regress/test-exec.sh > regress/test-exec.sh.new <<EOF + cp $HOME/.ssh/environment.base $HOME/.ssh/environment + echo "PATH=\$PATH" >> $HOME/.ssh/environment + EOF + mv regress/test-exec.sh.new regress/test-exec.sh + + # explicitly enable the PermitUserEnvironment feature + substituteInPlace regress/test-exec.sh \ + --replace \ + 'cat << EOF > $OBJ/sshd_config' \ + $'cat << EOF > $OBJ/sshd_config\n\tPermitUserEnvironment yes' + + # some tests want to use files under /bin as example files + for f in regress/sftp-cmds.sh regress/forwarding.sh; do + substituteInPlace $f --replace '/bin' "$(dirname $(type -p ls))" + done + + # set up NIX_REDIRECTS for direct invocations + set -a; source ~/.ssh/environment.base; set +a + ''; + # integration tests hard to get working on darwin with its shaky + # sandbox + checkTarget = optional (!stdenv.isDarwin) "t-exec" + # other tests are less demanding of the environment + ++ [ "unit" "file-tests" "interop-tests" ]; + postInstall = 
'' # Install ssh-copy-id, it's very useful. cp contrib/ssh-copy-id $out/bin/ |
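Review bot: The comment over the `PermitUserEnvironment yes` substitution in preCheck should say that the option is switched on only in the sshd_config that regress/test-exec.sh writes under $OBJ, because combined with the `LD_PRELOAD=` line placed in ~/.ssh/environment.base this is the setup sshd_config(5) warns can let a user bypass access restrictions. Something like `# test-only: affects the sshd_config generated under $OBJ by the regress suite, not the installed default` would stop a later reader from copying it into a real configuration. Separately, the expansions in `cat > $DUMMY_PASSWD <<EOF` and `substituteInPlace $f` are unquoted, so a build directory containing whitespace would split them; `cat > "$DUMMY_PASSWD" <<EOF` and `substituteInPlace "$f"` are safer. The enclosing mkDerivation attribute set starts and ends outside this hunk.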