diff options
Diffstat (limited to 'nixos/tests')
80 files changed, 873 insertions, 271 deletions
diff --git a/nixos/tests/acme.nix b/nixos/tests/acme.nix index 64193ed8498cb..eb152cf51a6a8 100644 --- a/nixos/tests/acme.nix +++ b/nixos/tests/acme.nix @@ -97,6 +97,19 @@ in import ./make-test-python.nix ({ lib, ... }: { }; }; + # Test OCSP Stapling + specialisation.ocsp-stapling.configuration = { pkgs, ... }: { + security.acme.certs."a.example.test" = { + ocspMustStaple = true; + }; + services.nginx.virtualHosts."a.example.com" = { + extraConfig = '' + ssl_stapling on; + ssl_stapling_verify on; + ''; + }; + }; + # Test using Apache HTTPD specialisation.httpd-aliases.configuration = { pkgs, config, lib, ... }: { services.nginx.enable = lib.mkForce false; @@ -163,6 +176,7 @@ in import ./make-test-python.nix ({ lib, ... }: { testScript = {nodes, ...}: let + caDomain = nodes.acme.config.test-support.acme.caDomain; newServerSystem = nodes.webserver.config.system.build.toplevel; switchToNewServer = "${newServerSystem}/bin/switch-to-configuration test"; in @@ -246,6 +260,22 @@ in import ./make-test-python.nix ({ lib, ... }: { return check_connection_key_bits(node, domain, bits, retries - 1) + def check_stapling(node, domain, retries=3): + assert retries >= 0 + + # Pebble doesn't provide a full OCSP responder, so just check the URL + result = node.succeed( + "openssl s_client -CAfile /tmp/ca.crt" + f" -servername {domain} -connect {domain}:443 < /dev/null" + " | openssl x509 -noout -ocsp_uri" + ) + print("OCSP Responder URL:", result) + + if "${caDomain}:4002" not in result.lower(): + time.sleep(1) + return check_stapling(node, domain, retries - 1) + + client.start() dnsserver.start() @@ -253,7 +283,7 @@ in import ./make-test-python.nix ({ lib, ... }: { client.wait_for_unit("default.target") client.succeed( - 'curl --data \'{"host": "acme.test", "addresses": ["${nodes.acme.config.networking.primaryIPAddress}"]}\' http://${dnsServerIP nodes}:8055/add-a' + 'curl --data \'{"host": "${caDomain}", "addresses": ["${nodes.acme.config.networking.primaryIPAddress}"]}\' http://${dnsServerIP nodes}:8055/add-a' ) acme.start() @@ -262,8 +292,8 @@ in import ./make-test-python.nix ({ lib, ... }: { acme.wait_for_unit("default.target") acme.wait_for_unit("pebble.service") - client.succeed("curl https://acme.test:15000/roots/0 > /tmp/ca.crt") - client.succeed("curl https://acme.test:15000/intermediate-keys/0 >> /tmp/ca.crt") + client.succeed("curl https://${caDomain}:15000/roots/0 > /tmp/ca.crt") + client.succeed("curl https://${caDomain}:15000/intermediate-keys/0 >> /tmp/ca.crt") with subtest("Can request certificate with HTTPS-01 challenge"): webserver.wait_for_unit("acme-finished-a.example.test.target") @@ -290,6 +320,11 @@ in import ./make-test-python.nix ({ lib, ... }: { check_connection_key_bits(client, "a.example.test", "384") webserver.succeed("grep testing /var/lib/acme/a.example.test/test") + with subtest("Correctly implements OCSP stapling"): + switch_to(webserver, "ocsp-stapling") + webserver.wait_for_unit("acme-finished-a.example.test.target") + check_stapling(client, "a.example.test") + with subtest("Can request certificate with HTTPS-01 when nginx startup is delayed"): switch_to(webserver, "slow-startup") webserver.wait_for_unit("acme-finished-slow.example.com.target") diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 5512a63e346a0..e2a5263a95de2 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -24,6 +24,7 @@ in _3proxy = handleTest ./3proxy.nix {}; acme = handleTest ./acme.nix {}; agda = handleTest ./agda.nix {}; + ammonite = handleTest ./ammonite.nix {}; atd = handleTest ./atd.nix {}; avahi = handleTest ./avahi.nix {}; avahi-with-resolved = handleTest ./avahi.nix { networkd = true; }; @@ -113,6 +114,7 @@ in fontconfig-default-fonts = handleTest ./fontconfig-default-fonts.nix {}; freeswitch = handleTest ./freeswitch.nix {}; fsck = handleTest ./fsck.nix {}; + ft2-clone = handleTest ./ft2-clone.nix {}; gerrit = handleTest ./gerrit.nix {}; gotify-server = handleTest ./gotify-server.nix {}; grocy = handleTest ./grocy.nix {}; @@ -149,7 +151,6 @@ in hostname = handleTest ./hostname.nix {}; hound = handleTest ./hound.nix {}; hydra = handleTest ./hydra {}; - hydra-db-migration = handleTest ./hydra/db-migration.nix {}; i3wm = handleTest ./i3wm.nix {}; icingaweb2 = handleTest ./icingaweb2.nix {}; iftop = handleTest ./iftop.nix {}; @@ -175,6 +176,7 @@ in kernel-latest = handleTest ./kernel-latest.nix {}; kernel-lts = handleTest ./kernel-lts.nix {}; kernel-testing = handleTest ./kernel-testing.nix {}; + keycloak = discoverTests (import ./keycloak.nix); keymap = handleTest ./keymap.nix {}; knot = handleTest ./knot.nix {}; krb5 = discoverTests (import ./krb5 {}); @@ -242,6 +244,7 @@ in nfs4 = handleTest ./nfs { version = 4; }; nghttpx = handleTest ./nghttpx.nix {}; nginx = handleTest ./nginx.nix {}; + nginx-auth = handleTest ./nginx-auth.nix {}; nginx-etag = handleTest ./nginx-etag.nix {}; nginx-pubhtml = handleTest ./nginx-pubhtml.nix {}; nginx-sandbox = handleTestOn ["x86_64-linux"] ./nginx-sandbox.nix {}; @@ -252,6 +255,7 @@ in novacomd = handleTestOn ["x86_64-linux"] ./novacomd.nix {}; nsd = handleTest ./nsd.nix {}; nzbget = handleTest ./nzbget.nix {}; + oh-my-zsh = handleTest ./oh-my-zsh.nix {}; openarena = handleTest ./openarena.nix {}; openldap = handleTest ./openldap.nix {}; opensmtpd = handleTest ./opensmtpd.nix {}; @@ -309,6 +313,8 @@ in rxe = handleTest ./rxe.nix {}; samba = handleTest ./samba.nix {}; sanoid = handleTest ./sanoid.nix {}; + sbt = handleTest ./sbt.nix {}; + scala = handleTest ./scala.nix {}; sddm = handleTest ./sddm.nix {}; service-runner = handleTest ./service-runner.nix {}; shadowsocks = handleTest ./shadowsocks {}; diff --git a/nixos/tests/ammonite.nix b/nixos/tests/ammonite.nix index 1955e42be5f02..e9f06358e13f6 100644 --- a/nixos/tests/ammonite.nix +++ b/nixos/tests/ammonite.nix @@ -8,7 +8,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { amm = { pkgs, ... }: { - environment.systemPackages = [ pkgs.ammonite ]; + environment.systemPackages = [ (pkgs.ammonite.override { jre = pkgs.jre8; }) ]; }; }; diff --git a/nixos/tests/avahi.nix b/nixos/tests/avahi.nix index 66cff3009f7de..c1a9114a40f6f 100644 --- a/nixos/tests/avahi.nix +++ b/nixos/tests/avahi.nix @@ -2,10 +2,11 @@ , config ? {} , pkgs ? import ../.. { inherit system config; } # bool: whether to use networkd in the tests -, networkd ? false }: +, networkd ? false +} @ args: # Test whether `avahi-daemon' and `libnss-mdns' work as expected. -import ./make-test-python.nix ({ ... } : { +import ./make-test-python.nix { name = "avahi"; meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ eelco ]; @@ -75,4 +76,4 @@ import ./make-test-python.nix ({ ... } : { two.succeed("avahi-browse -r -t _ssh._tcp | tee out >&2") two.succeed("test `wc -l < out` -gt 0") ''; -}) +} args diff --git a/nixos/tests/bitcoind.nix b/nixos/tests/bitcoind.nix index 09f3e4a6ec078..9068b29b8e5c1 100644 --- a/nixos/tests/bitcoind.nix +++ b/nixos/tests/bitcoind.nix @@ -31,16 +31,16 @@ import ./make-test-python.nix ({ pkgs, ... }: { machine.wait_for_unit("bitcoind-testnet.service") machine.wait_until_succeeds( - 'curl --user rpc:rpc --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:8332 | grep \'"chain":"main"\' ' + 'curl --fail --user rpc:rpc --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:8332 | grep \'"chain":"main"\' ' ) machine.wait_until_succeeds( - 'curl --user rpc2:rpc2 --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:8332 | grep \'"chain":"main"\' ' + 'curl --fail --user rpc2:rpc2 --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:8332 | grep \'"chain":"main"\' ' ) machine.wait_until_succeeds( - 'curl --user rpc:rpc --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:18332 | grep \'"chain":"test"\' ' + 'curl --fail --user rpc:rpc --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:18332 | grep \'"chain":"test"\' ' ) machine.wait_until_succeeds( - 'curl --user rpc2:rpc2 --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:18332 | grep \'"chain":"test"\' ' + 'curl --fail --user rpc2:rpc2 --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:18332 | grep \'"chain":"test"\' ' ) ''; }) diff --git a/nixos/tests/caddy.nix b/nixos/tests/caddy.nix index 445a7fa6b0b42..f2de34ff2da28 100644 --- a/nixos/tests/caddy.nix +++ b/nixos/tests/caddy.nix @@ -57,11 +57,13 @@ import ./make-test-python.nix ({ pkgs, ... }: { def check_etag(url): etag = webserver.succeed( - "curl -v '{}' 2>&1 | sed -n -e \"s/^< [Ee][Tt][Aa][Gg]: *//p\"".format(url) + "curl --fail -v '{}' 2>&1 | sed -n -e \"s/^< [Ee][Tt][Aa][Gg]: *//p\"".format( + url + ) ) etag = etag.replace("\r\n", " ") http_code = webserver.succeed( - "curl --silent --show-error -o /dev/null -w \"%{{http_code}}\" --head -H 'If-None-Match: {}' {}".format( + "curl --fail --silent --show-error -o /dev/null -w \"%{{http_code}}\" --head -H 'If-None-Match: {}' {}".format( etag, url ) ) diff --git a/nixos/tests/cadvisor.nix b/nixos/tests/cadvisor.nix index 60c04f1478003..664aa3ad876af 100644 --- a/nixos/tests/cadvisor.nix +++ b/nixos/tests/cadvisor.nix @@ -19,16 +19,16 @@ import ./make-test-python.nix ({ pkgs, ... } : { testScript = '' start_all() machine.wait_for_unit("cadvisor.service") - machine.succeed("curl http://localhost:8080/containers/") + machine.succeed("curl -f http://localhost:8080/containers/") influxdb.wait_for_unit("influxdb.service") # create influxdb database influxdb.succeed( - 'curl -XPOST http://localhost:8086/query --data-urlencode "q=CREATE DATABASE root"' + 'curl -f -XPOST http://localhost:8086/query --data-urlencode "q=CREATE DATABASE root"' ) influxdb.wait_for_unit("cadvisor.service") - influxdb.succeed("curl http://localhost:8080/containers/") + influxdb.succeed("curl -f http://localhost:8080/containers/") ''; }) diff --git a/nixos/tests/cagebreak.nix b/nixos/tests/cagebreak.nix index ecbb69646a933..e5f9a29fb18d8 100644 --- a/nixos/tests/cagebreak.nix +++ b/nixos/tests/cagebreak.nix @@ -5,7 +5,6 @@ let workspaces 1 escape C-t bind t exec env DISPLAY=:0 ${pkgs.xterm}/bin/xterm -cm -pc - bind a exec ${pkgs.alacritty}/bin/alacritty ''; in { @@ -20,7 +19,7 @@ in in { imports = [ ./common/user-account.nix ]; - environment.systemPackages = [ pkgs.cagebreak ]; + environment.systemPackages = [ pkgs.cagebreak pkgs.wallutils ]; services.xserver = { enable = true; displayManager.autoLogin = { @@ -32,7 +31,7 @@ in manage = "desktop"; name = "cagebreak"; start = '' - export XDG_RUNTIME_DIR=/run/user/${toString alice.uid} + export XDG_RUNTIME_DIR="/run/user/${toString alice.uid}" ${pkgs.cagebreak}/bin/cagebreak & waitPID=$! ''; @@ -74,24 +73,20 @@ in testScript = { nodes, ... }: let user = nodes.machine.config.users.users.alice; + XDG_RUNTIME_DIR = "/run/user/${toString user.uid}"; in '' start_all() machine.wait_for_unit("multi-user.target") - machine.wait_for_file("/run/user/${toString user.uid}/wayland-0") + machine.wait_for_file("${XDG_RUNTIME_DIR}/wayland-0") - with subtest("ensure wayland works with alacritty"): - machine.send_key("ctrl-t") - machine.send_key("a") - machine.wait_until_succeeds("pgrep alacritty") - machine.wait_for_text("alice@machine") - machine.screenshot("screen") - machine.send_key("ctrl-d") + with subtest("ensure wayland works with wayinfo from wallutils"): + machine.succeed("env XDG_RUNTIME_DIR=${XDG_RUNTIME_DIR} wayinfo") with subtest("ensure xwayland works with xterm"): machine.send_key("ctrl-t") machine.send_key("t") machine.wait_until_succeeds("pgrep xterm") - machine.wait_for_text("alice@machine") + machine.wait_for_text("${user.name}@machine") machine.screenshot("screen") machine.send_key("ctrl-d") ''; diff --git a/nixos/tests/certmgr.nix b/nixos/tests/certmgr.nix index ef32f54400e30..8f5b89487793b 100644 --- a/nixos/tests/certmgr.nix +++ b/nixos/tests/certmgr.nix @@ -11,7 +11,7 @@ let file = { group = "nginx"; owner = "nginx"; - path = "/tmp/${host}-ca.pem"; + path = "/var/ssl/${host}-ca.pem"; }; label = "www_ca"; profile = "three-month"; @@ -20,13 +20,13 @@ let certificate = { group = "nginx"; owner = "nginx"; - path = "/tmp/${host}-cert.pem"; + path = "/var/ssl/${host}-cert.pem"; }; private_key = { group = "nginx"; mode = "0600"; owner = "nginx"; - path = "/tmp/${host}-key.pem"; + path = "/var/ssl/${host}-key.pem"; }; request = { CN = host; @@ -57,6 +57,8 @@ let services.cfssl.enable = true; systemd.services.cfssl.after = [ "cfssl-init.service" "networking.target" ]; + systemd.tmpfiles.rules = [ "d /var/ssl 777 root root" ]; + systemd.services.cfssl-init = { description = "Initialize the cfssl CA"; wantedBy = [ "multi-user.target" ]; @@ -87,8 +89,8 @@ let enable = true; virtualHosts = lib.mkMerge (map (host: { ${host} = { - sslCertificate = "/tmp/${host}-cert.pem"; - sslCertificateKey = "/tmp/${host}-key.pem"; + sslCertificate = "/var/ssl/${host}-cert.pem"; + sslCertificateKey = "/var/ssl/${host}-key.pem"; extraConfig = '' ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ''; @@ -124,16 +126,18 @@ in }; testScript = '' machine.wait_for_unit("cfssl.service") - machine.wait_until_succeeds("ls /tmp/decl.example.org-ca.pem") - machine.wait_until_succeeds("ls /tmp/decl.example.org-key.pem") - machine.wait_until_succeeds("ls /tmp/decl.example.org-cert.pem") - machine.wait_until_succeeds("ls /tmp/imp.example.org-ca.pem") - machine.wait_until_succeeds("ls /tmp/imp.example.org-key.pem") - machine.wait_until_succeeds("ls /tmp/imp.example.org-cert.pem") + machine.wait_until_succeeds("ls /var/ssl/decl.example.org-ca.pem") + machine.wait_until_succeeds("ls /var/ssl/decl.example.org-key.pem") + machine.wait_until_succeeds("ls /var/ssl/decl.example.org-cert.pem") + machine.wait_until_succeeds("ls /var/ssl/imp.example.org-ca.pem") + machine.wait_until_succeeds("ls /var/ssl/imp.example.org-key.pem") + machine.wait_until_succeeds("ls /var/ssl/imp.example.org-cert.pem") machine.wait_for_unit("nginx.service") assert 1 < int(machine.succeed('journalctl -u nginx | grep "Starting Nginx" | wc -l')) - machine.succeed("curl --cacert /tmp/imp.example.org-ca.pem https://imp.example.org") - machine.succeed("curl --cacert /tmp/decl.example.org-ca.pem https://decl.example.org") + machine.succeed("curl --cacert /var/ssl/imp.example.org-ca.pem https://imp.example.org") + machine.succeed( + "curl --cacert /var/ssl/decl.example.org-ca.pem https://decl.example.org" + ) ''; }; diff --git a/nixos/tests/cfssl.nix b/nixos/tests/cfssl.nix index e291fc285fba4..170f09d9b76cc 100644 --- a/nixos/tests/cfssl.nix +++ b/nixos/tests/cfssl.nix @@ -38,7 +38,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { testScript = let cfsslrequest = with pkgs; writeScript "cfsslrequest" '' - curl -X POST -H "Content-Type: application/json" -d @${csr} \ + curl -f -X POST -H "Content-Type: application/json" -d @${csr} \ http://localhost:8888/api/v1/cfssl/newkey | ${cfssl}/bin/cfssljson /tmp/certificate ''; csr = pkgs.writeText "csr.json" (builtins.toJSON { diff --git a/nixos/tests/cloud-init.nix b/nixos/tests/cloud-init.nix index aafa6e24e84a3..a127be6dd85f1 100644 --- a/nixos/tests/cloud-init.nix +++ b/nixos/tests/cloud-init.nix @@ -7,6 +7,9 @@ with import ../lib/testing-python.nix { inherit system pkgs; }; with pkgs.lib; let + inherit (import ./ssh-keys.nix pkgs) + snakeOilPrivateKey snakeOilPublicKey; + metadataDrive = pkgs.stdenv.mkDerivation { name = "metadata"; buildCommand = '' @@ -18,13 +21,19 @@ let - content: | cloudinit path: /tmp/cloudinit-write-file + + users: + - default + - name: nixos + ssh_authorized_keys: + - "${snakeOilPublicKey}" EOF cat << EOF > $out/iso/meta-data instance-id: iid-local01 local-hostname: "test" public-keys: - - "should be a key!" + - "${snakeOilPublicKey}" EOF ${pkgs.cdrkit}/bin/genisoimage -volid cidata -joliet -rock -o $out/metadata.iso $out/iso ''; @@ -34,19 +43,40 @@ in makeTest { meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ lewo ]; }; - machine = - { ... }: - { - virtualisation.qemu.options = [ "-cdrom" "${metadataDrive}/metadata.iso" ]; - services.cloud-init.enable = true; - }; + machine = { ... }: + { + virtualisation.qemu.options = [ "-cdrom" "${metadataDrive}/metadata.iso" ]; + services.cloud-init.enable = true; + services.openssh.enable = true; + networking.hostName = ""; + }; testScript = '' - machine.start() - machine.wait_for_unit("cloud-init.service") - machine.succeed("cat /tmp/cloudinit-write-file | grep -q 'cloudinit'") + machine.wait_for_unit("cloud-init.service") + machine.succeed("cat /tmp/cloudinit-write-file | grep -q 'cloudinit'") + + # install snakeoil ssh key and provision .ssh/config file + machine.succeed("mkdir -p ~/.ssh") + machine.succeed( + "cat ${snakeOilPrivateKey} > ~/.ssh/id_snakeoil" + ) + machine.succeed("chmod 600 ~/.ssh/id_snakeoil") + + machine.wait_for_unit("sshd.service") + + # we should be able to log in as the root user, as well as the created nixos user + machine.succeed( + "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o IdentityFile=~/.ssh/id_snakeoil root@localhost 'true'" + ) + machine.succeed( + "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o IdentityFile=~/.ssh/id_snakeoil nixos@localhost 'true'" + ) - machine.wait_until_succeeds( - "cat /root/.ssh/authorized_keys | grep -q 'should be a key!'" - ) + # test changing hostname via cloud-init worked + assert ( + machine.succeed( + "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o IdentityFile=~/.ssh/id_snakeoil nixos@localhost 'hostname'" + ).strip() + == "test" + ) ''; } diff --git a/nixos/tests/common/acme/server/README.md b/nixos/tests/common/acme/server/README.md new file mode 100644 index 0000000000000..9de2b2c710292 --- /dev/null +++ b/nixos/tests/common/acme/server/README.md @@ -0,0 +1,21 @@ +# Fake Certificate Authority for ACME testing + +This will set up a test node running [pebble](https://github.com/letsencrypt/pebble) +to serve ACME certificate requests. + +## "Snake oil" certs + +The snake oil certs are hard coded into the repo for reasons explained [here](https://github.com/NixOS/nixpkgs/pull/91121#discussion_r505410235). +The root of the issue is that Nix will hash the derivation based on the arguments +to mkDerivation, not the output. [Minica](https://github.com/jsha/minica) will +always generate a random certificate even if the arguments are unchanged. As a +result, it's possible to end up in a situation where the cached and local +generated certs mismatch and cause issues with testing. + +To generate new certificates, run the following commands: + +```bash +nix-build generate-certs.nix +cp result/* . +rm result +``` diff --git a/nixos/tests/common/acme/server/acme.test.cert.pem b/nixos/tests/common/acme/server/acme.test.cert.pem new file mode 100644 index 0000000000000..76b0d916a8175 --- /dev/null +++ b/nixos/tests/common/acme/server/acme.test.cert.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDLDCCAhSgAwIBAgIIRDAN3FHH//IwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE +AxMVbWluaWNhIHJvb3QgY2EgNzg3NDZmMB4XDTIwMTAyMTEzMjgzNloXDTIyMTEy +MDEzMjgzNlowFDESMBAGA1UEAxMJYWNtZS50ZXN0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAo8XjMVUaljcaqQ5MFhfPuQgSwdyXEUbpSHz+5yPkE0h9 +Z4Xu5BJF1Oq7h5ggCtadVsIspiY6Jm6aWDOjlh4myzW5UNBNUG3OPEk50vmmHFeH +pImHO/d8yb33QoF9VRcTZs4tuJYg7l9bSs4jNG72vYvv2YiGAcmjJcsmAZIfniCN +Xf/LjIm+Cxykn+Vo3UuzO1w5/iuofdgWO/aZxMezmXUivlL3ih4cNzCJei8WlB/l +EnHrkcy3ogRmmynP5zcz7vmGIJX2ji6dhCa4Got5B7eZK76o2QglhQXqPatG0AOY +H+RfQfzKemqPG5om9MgJtwFtTOU1LoaiBw//jXKESQIDAQABo3YwdDAOBgNVHQ8B +Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB +/wQCMAAwHwYDVR0jBBgwFoAU+8IZlLV/Qp5CXqpXMLvtxWlxcJwwFAYDVR0RBA0w +C4IJYWNtZS50ZXN0MA0GCSqGSIb3DQEBCwUAA4IBAQB0pe8I5/VDkB5VMgQB2GJV +GKzyigfWbVez9uLmqMj9PPP/zzYKSYeq+91aMuOZrnH7NqBxSTwanULkmqAmhbJJ +YkXw+FlFekf9FyxcuArzwzzNZDSGcjcdXpN8S2K1qkBd00iSJF9kU7pdZYCIKR20 +QirdBrELEfsJ3GU62a6N3a2YsrisZUvq5TbjGJDcytAtt+WG3gmV7RInLdFfPwbw +bEHPCnx0uiV0nxLjd/aVT+RceVrFQVt4hR99jLoMlBitSKluZ1ljsrpIyroBhQT0 +pp/pVi6HJdijG0fsPrC325NEGAwcpotLUhczoeM/rffKJd54wLhDkfYxOyRZXivs +-----END CERTIFICATE----- diff --git a/nixos/tests/common/acme/server/acme.test.key.pem b/nixos/tests/common/acme/server/acme.test.key.pem new file mode 100644 index 0000000000000..741df99a372e3 --- /dev/null +++ b/nixos/tests/common/acme/server/acme.test.key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAo8XjMVUaljcaqQ5MFhfPuQgSwdyXEUbpSHz+5yPkE0h9Z4Xu +5BJF1Oq7h5ggCtadVsIspiY6Jm6aWDOjlh4myzW5UNBNUG3OPEk50vmmHFeHpImH +O/d8yb33QoF9VRcTZs4tuJYg7l9bSs4jNG72vYvv2YiGAcmjJcsmAZIfniCNXf/L +jIm+Cxykn+Vo3UuzO1w5/iuofdgWO/aZxMezmXUivlL3ih4cNzCJei8WlB/lEnHr +kcy3ogRmmynP5zcz7vmGIJX2ji6dhCa4Got5B7eZK76o2QglhQXqPatG0AOYH+Rf +QfzKemqPG5om9MgJtwFtTOU1LoaiBw//jXKESQIDAQABAoIBADox/2FwVFo8ioS4 +R+Ex5OZjMAcjU6sX/516jTmlT05q2+UFerYgqB/YqXqtW/V9/brulN8VhmRRuRbO +grq9TBu5o3hMDK0f18EkZB/MBnLbx594H033y6gEkPBZAyhRYtuNOEH3VwxdZhtW +1Lu1EoiYSUqLcNMBy6+KWJ8GRaXyacMYBlj2lMHmyzkA/t1+2mwTGC3lT6zN0F5Y +E5umXOxsn6Tb6q3KM9O5IvtmMMKpgj4HIHZLZ6j40nNgHwGRaAv4Sha/vx0DeBw3 +6VlNiTTPdShEkhESlM5/ocqTfI92VHJpM5gkqTYOWBi2aKIPfAopXoqoJdWl4pQ/ +NCFIu2ECgYEAzntNKIcQtf0ewe0/POo07SIFirvz6jVtYNMTzeQfL6CoEjYArJeu +Vzc4wEQfA4ZFVerBb1/O6M449gI3zex1PH4AX0h8q8DSjrppK1Jt2TnpVh97k7Gg +Tnat/M/yW3lWYkcMVJJ3AYurXLFTT1dYP0HvBwZN04yInrEcPNXKfmcCgYEAywyJ +51d4AE94PrANathKqSI/gk8sP+L1gzylZCcUEAiGk/1r45iYB4HN2gvWbS+CvSdp +F7ShlDWrTaNh2Bm1dgTjc4pWb4J+CPy/KN2sgLwIuM4+ZWIZmEDcio6khrM/gNqK +aR7xUsvWsqU26O84woY/xR8IHjSNF7cFWE1H2c8CgYEAt6SSi2kVQ8dMg84uYE8t +o3qO00U3OycpkOQqyQQLeKC62veMwfRl6swCfX4Y11mkcTXJtPTRYd2Ia8StPUkB +PDwUuKoPt/JXUvoYb59wc7M+BIsbrdBdc2u6cw+/zfutCNuH6/AYSBeg4WAVaIuW +wSwzG1xP+8cR+5IqOzEqWCECgYATweeVTCyQEyuHJghYMi2poXx+iIesu7/aAkex +pB/Oo5W8xrb90XZRnK7UHbzCqRHWqAQQ23Gxgztk9ZXqui2vCzC6qGZauV7cLwPG +zTMg36sVmHP314DYEM+k59ZYiQ6P0jQPoIQo407D2VGrfsOOIhQIcUmP7tsfyJ5L +hlGMfwKBgGq4VNnnuX8I5kl03NpaKfG+M8jEHmVwtI9RkPTCCX9bMjeG0cDxqPTF +TRkf3r8UWQTZ5QfAfAXYAOlZvmGhHjSembRbXMrMdi3rGsYRSrQL6n5NHnORUaMy +FCWo4gyAnniry7tx9dVNgmHmbjEHuQnf8AC1r3dibRCjvJWUiQ8H +-----END RSA PRIVATE KEY----- diff --git a/nixos/tests/common/acme/server/ca.cert.pem b/nixos/tests/common/acme/server/ca.cert.pem new file mode 100644 index 0000000000000..5c33e879b675b --- /dev/null +++ b/nixos/tests/common/acme/server/ca.cert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSzCCAjOgAwIBAgIIeHRvRrNvbGQwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE +AxMVbWluaWNhIHJvb3QgY2EgNzg3NDZmMCAXDTIwMTAyMTEzMjgzNloYDzIxMjAx +MDIxMTMyODM2WjAgMR4wHAYDVQQDExVtaW5pY2Egcm9vdCBjYSA3ODc0NmYwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrNTzVLDJOKtGYGLU98EEcLKps +tXHCLC6G54LKbEcU80fn+ArX8qsPSHyhdXQkcYjq6Vh/EDJ1TctyRSnvAjwyG4Aa +1Zy1QFc/JnjMjvzimCkUc9lQ+wkLwHSM/KGwR1cGjmtQ/EMClZTA0NwulJsXMKVz +bd5asXbq/yJTQ5Ww25HtdNjwRQXTvB7r3IKcY+DsED9CvFvC9oG/ZhtZqZuyyRdC +kFUrrv8WNUDkWSN+lMR6xMx8v0583IN6f11IhX0b+svK98G81B2eswBdkzvVyv9M +unZBO0JuJG8sdM502KhWLmzBC1ZbvgUBF9BumDRpMFH4DCj7+qQ2taWeGyc7AgMB +AAGjgYYwgYMwDgYDVR0PAQH/BAQDAgKEMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr +BgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBT7whmUtX9CnkJe +qlcwu+3FaXFwnDAfBgNVHSMEGDAWgBT7whmUtX9CnkJeqlcwu+3FaXFwnDANBgkq +hkiG9w0BAQsFAAOCAQEARMe1wKmF33GjEoLLw0oDDS4EdAv26BzCwtrlljsEtwQN +95oSzUNd6o4Js7WCG2o543OX6cxzM+yju8TES3+vJKDgsbNMU0bWCv//tdrb0/G8 +OkU3Kfi5q4fOauZ1pqGv/pXdfYhZ5ieB/zwis3ykANe5JfB0XqwCb1Vd0C3UCIS2 +NPKngRwNSzphIsbzfvxGDkdM1enuGl5CVyDhrwTMqGaJGDSOv6U5jKFxKRvigqTN +Ls9lPmT5NXYETduWLBR3yUIdH6kZXrcozZ02B9vjOB2Cv4RMDc+9eM30CLIWpf1I +097e7JkhzxFhfC/bMMt3P1FeQc+fwH91wdBmNi7tQw== +-----END CERTIFICATE----- diff --git a/nixos/tests/common/acme/server/ca.key.pem b/nixos/tests/common/acme/server/ca.key.pem new file mode 100644 index 0000000000000..ed46f5dccf467 --- /dev/null +++ b/nixos/tests/common/acme/server/ca.key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAqzU81SwyTirRmBi1PfBBHCyqbLVxwiwuhueCymxHFPNH5/gK +1/KrD0h8oXV0JHGI6ulYfxAydU3LckUp7wI8MhuAGtWctUBXPyZ4zI784pgpFHPZ +UPsJC8B0jPyhsEdXBo5rUPxDApWUwNDcLpSbFzClc23eWrF26v8iU0OVsNuR7XTY +8EUF07we69yCnGPg7BA/QrxbwvaBv2YbWambsskXQpBVK67/FjVA5FkjfpTEesTM +fL9OfNyDen9dSIV9G/rLyvfBvNQdnrMAXZM71cr/TLp2QTtCbiRvLHTOdNioVi5s +wQtWW74FARfQbpg0aTBR+Awo+/qkNrWlnhsnOwIDAQABAoIBAA3ykVkgd5ysmlSU +trcsCnHcJaojgff6l3PACoSpG4VWaGY6a8+54julgRm6MtMBONFCX0ZCsImj484U +Wl0xRmwil2YYPuL5MeJgJPktMObY1IfpBCw3tz3w2M3fiuCMf0d2dMGtO1xLiUnH ++hgFXTkfamsj6ThkOrbcQBSebeRxbKM5hqyCaQoieV+0IJnyxUVq/apib8N50VsH +SHd4oqLUuEZgg6N70+l5DpzedJUb4nrwS/KhUHUBgnoPItYBCiGPmrwLk7fUhPs6 +kTDqJDtc/xW/JbjmzhWEpVvtumcC/OEKULss7HLdeQqwVBrRQkznb0M9AnSra3d0 +X11/Y4ECgYEA3FC8SquLPFb2lHK4+YbJ4Ac6QVWeYFEHiZ0Rj+CmONmjcAvOGLPE +SblRLm3Nbrkxbm8FF6/AfXa/rviAKEVPs5xqGfSDw/3n1uInPcmShiBCLwM/jHH5 +NeVG+R5mTg5zyQ/pQMLWRcs+Ail+ZAnZuoGpW3Cdc8OtCUYFQ7XB6nsCgYEAxvBJ +zFxcTtsDzWbMWXejugQiUqJcEbKWwEfkRbf3J2rAVO2+EFr7LxdRfN2VwPiTQcWc +LnN2QN+ouOjqBMTh3qm5oQY+TLLHy86k9g1k0gXWkMRQgP2ZdfWH1HyrwjLUgLe1 +VezFN7N1azgy6xFkInAAvuA4loxElZNvkGBgekECgYA/Xw26ILvNIGqO6qzgQXAh ++5I7JsiGheg4IjDiBMlrQtbrLMoceuD0H9UFGNplhel9DXwWgxxIOncKejpK2x0A +2fX+/0FDh+4+9hA5ipiV8gN3iGSoHkSDxy5yC9d7jlapt+TtFt4Rd1OfxZWwatDw +/8jaH3t6yAcmyrhK8KYVrwKBgAE5KwsBqmOlvyE9N5Z5QN189wUREIXfVkP6bTHs +jq2EX4hmKdwJ4y+H8i1VY31bSfSGlY5HkXuWpH/2lrHO0CDBZG3UDwADvWzIaYVF +0c/kz0v2mRQh+xaZmus4lQnNrDbaalgL666LAPbW0qFVaws3KxoBYPe0BxvwWyhF +H3LBAoGBAKRRNsq2pWQ8Gqxc0rVoH0FlexU9U2ci3lsLmgEB0A/o/kQkSyAxaRM+ +VdKp3sWfO8o8lX5CVQslCNBSjDTNcat3Co4NEBLg6Xv1yKN/WN1GhusnchP9szsP +oU47gC89QhUyWSd6vvr2z2NG9C3cACxe4dhDSHQcE4nHSldzCKv2 +-----END RSA PRIVATE KEY----- diff --git a/nixos/tests/common/acme/server/default.nix b/nixos/tests/common/acme/server/default.nix index 4d8e664c4e17f..1c3bfdf76b7e7 100644 --- a/nixos/tests/common/acme/server/default.nix +++ b/nixos/tests/common/acme/server/default.nix @@ -51,10 +51,7 @@ # that it has to be started _before_ the ACME service. { config, pkgs, lib, ... }: let - testCerts = import ./snakeoil-certs.nix { - minica = pkgs.minica; - mkDerivation = pkgs.stdenv.mkDerivation; - }; + testCerts = import ./snakeoil-certs.nix; domain = testCerts.domain; resolver = let @@ -70,7 +67,7 @@ let privateKey = testCerts.${domain}.key; httpPort = 80; tlsPort = 443; - ocspResponderURL = "http://0.0.0.0:4002"; + ocspResponderURL = "http://${domain}:4002"; strict = true; }; diff --git a/nixos/tests/common/acme/server/generate-certs.nix b/nixos/tests/common/acme/server/generate-certs.nix new file mode 100644 index 0000000000000..cd8fe0dffca17 --- /dev/null +++ b/nixos/tests/common/acme/server/generate-certs.nix @@ -0,0 +1,29 @@ +# Minica can provide a CA key and cert, plus a key +# and cert for our fake CA server's Web Front End (WFE). +{ + pkgs ? import <nixpkgs> {}, + minica ? pkgs.minica, + mkDerivation ? pkgs.stdenv.mkDerivation +}: +let + conf = import ./snakeoil-certs.nix; + domain = conf.domain; +in mkDerivation { + name = "test-certs"; + buildInputs = [ minica ]; + phases = [ "buildPhase" "installPhase" ]; + + buildPhase = '' + minica \ + --ca-key ca.key.pem \ + --ca-cert ca.cert.pem \ + --domains ${domain} + ''; + + installPhase = '' + mkdir -p $out + mv ca.*.pem $out/ + mv ${domain}/key.pem $out/${domain}.key.pem + mv ${domain}/cert.pem $out/${domain}.cert.pem + ''; +} diff --git a/nixos/tests/common/acme/server/snakeoil-certs.nix b/nixos/tests/common/acme/server/snakeoil-certs.nix index 4b6a38b8fa307..11c3f7fc9290c 100644 --- a/nixos/tests/common/acme/server/snakeoil-certs.nix +++ b/nixos/tests/common/acme/server/snakeoil-certs.nix @@ -1,37 +1,13 @@ -# Minica can provide a CA key and cert, plus a key -# and cert for our fake CA server's Web Front End (WFE). -{ minica, mkDerivation }: let domain = "acme.test"; - - selfSignedCertData = mkDerivation { - name = "test-certs"; - buildInputs = [ minica ]; - phases = [ "buildPhase" "installPhase" ]; - - buildPhase = '' - mkdir ca - minica \ - --ca-key ca/key.pem \ - --ca-cert ca/cert.pem \ - --domains ${domain} - chmod 600 ca/* - chmod 640 ${domain}/*.pem - ''; - - installPhase = '' - mkdir -p $out - mv ${domain} ca $out/ - ''; - }; in { inherit domain; ca = { - cert = "${selfSignedCertData}/ca/cert.pem"; - key = "${selfSignedCertData}/ca/key.pem"; + cert = ./ca.cert.pem; + key = ./ca.key.pem; }; "${domain}" = { - cert = "${selfSignedCertData}/${domain}/cert.pem"; - key = "${selfSignedCertData}/${domain}/key.pem"; + cert = ./. + "/${domain}.cert.pem"; + key = ./. + "/${domain}.key.pem"; }; } diff --git a/nixos/tests/convos.nix b/nixos/tests/convos.nix index b4ff1188fd8be..af2758c857d09 100644 --- a/nixos/tests/convos.nix +++ b/nixos/tests/convos.nix @@ -25,6 +25,6 @@ in machine.wait_for_unit("convos") machine.wait_for_open_port("${toString port}") machine.succeed("journalctl -u convos | grep -q 'Listening at.*${toString port}'") - machine.succeed("curl http://localhost:${toString port}/") + machine.succeed("curl -f http://localhost:${toString port}/") ''; }) diff --git a/nixos/tests/corerad.nix b/nixos/tests/corerad.nix index 37a1e90477a82..638010f92f445 100644 --- a/nixos/tests/corerad.nix +++ b/nixos/tests/corerad.nix @@ -80,7 +80,7 @@ import ./make-test-python.nix ( ), "SLAAC temporary address was not configured on client after router advertisement" with subtest("Verify HTTP debug server is configured"): - out = router.succeed("curl localhost:9430/metrics") + out = router.succeed("curl -f localhost:9430/metrics") assert ( "corerad_build_info" in out diff --git a/nixos/tests/docker-edge.nix b/nixos/tests/docker-edge.nix index 96de885a554ab..703179eef1956 100644 --- a/nixos/tests/docker-edge.nix +++ b/nixos/tests/docker-edge.nix @@ -43,7 +43,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { docker.fail("sudo -u noprivs docker ps") docker.succeed("docker stop sleeping") - # Must match version twice to ensure client and server versions are correct - docker.succeed('[ $(docker version | grep ${pkgs.docker-edge.version} | wc -l) = "2" ]') + # Must match version 4 times to ensure client and server git commits and versions are correct + docker.succeed('[ $(docker version | grep ${pkgs.docker-edge.version} | wc -l) = "4" ]') ''; }) diff --git a/nixos/tests/docker-tools.nix b/nixos/tests/docker-tools.nix index edb9aec62db30..c1c41b0fc1100 100644 --- a/nixos/tests/docker-tools.nix +++ b/nixos/tests/docker-tools.nix @@ -115,7 +115,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { "docker load --input='${examples.nginx}'", "docker run --name nginx -d -p 8000:80 ${examples.nginx.imageName}", ) - docker.wait_until_succeeds("curl http://localhost:8000/") + docker.wait_until_succeeds("curl -f http://localhost:8000/") docker.succeed( "docker rm --force nginx", "docker rmi '${examples.nginx.imageName}'", ) diff --git a/nixos/tests/ferm.nix b/nixos/tests/ferm.nix index a73c9ce739cf1..112b5f19a7dea 100644 --- a/nixos/tests/ferm.nix +++ b/nixos/tests/ferm.nix @@ -56,6 +56,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { start_all() client.wait_for_unit("network-online.target") + server.wait_for_unit("network-online.target") server.wait_for_unit("ferm.service") server.wait_for_unit("nginx.service") server.wait_until_succeeds("ss -ntl | grep -q 80") diff --git a/nixos/tests/firefox.nix b/nixos/tests/firefox.nix index 7071baceba739..07e25bd4ca72d 100644 --- a/nixos/tests/firefox.nix +++ b/nixos/tests/firefox.nix @@ -11,26 +11,105 @@ import ./make-test-python.nix ({ pkgs, esr ? false, ... }: { environment.systemPackages = (if esr then [ pkgs.firefox-esr ] else [ pkgs.firefox ]) ++ [ pkgs.xdotool ]; + + # Need some more memory to record audio. + virtualisation.memorySize = "500"; + + # Create a virtual sound device, with mixing + # and all, for recording audio. + boot.kernelModules = [ "snd-aloop" ]; + sound.enable = true; + sound.extraConfig = '' + pcm.!default { + type plug + slave.pcm pcm.dmixer + } + pcm.dmixer { + type dmix + ipc_key 1 + slave { + pcm "hw:Loopback,0,0" + rate 48000 + periods 128 + period_time 0 + period_size 1024 + buffer_size 8192 + } + } + pcm.recorder { + type hw + card "Loopback" + device 1 + subdevice 0 + } + ''; + + systemd.services.audio-recorder = { + description = "Record NixOS test audio to /tmp/record.wav"; + script = "${pkgs.alsaUtils}/bin/arecord -D recorder -f S16_LE -r48000 /tmp/record.wav"; + }; + }; testScript = '' + from contextlib import contextmanager + + + @contextmanager + def audio_recording(machine: Machine) -> None: + """ + Perform actions while recording the + machine audio output. + """ + machine.systemctl("start audio-recorder") + yield + machine.systemctl("stop audio-recorder") + + + def wait_for_sound(machine: Machine) -> None: + """ + Wait until any sound has been emitted. + """ + machine.wait_for_file("/tmp/record.wav") + while True: + # Get at most 2M of the recording + machine.execute("tail -c 2M /tmp/record.wav > /tmp/last") + # Get the exact size + size = int(machine.succeed("stat -c '%s' /tmp/last").strip()) + # Compare it against /dev/zero using `cmp` (skipping 50B of WAVE header). + # If some non-NULL bytes are found it returns 1. + status, output = machine.execute( + f"cmp -i 50 -n {size - 50} /tmp/last /dev/zero 2>&1" + ) + if status == 1: + break + machine.sleep(2) + + machine.wait_for_x() - with subtest("wait until Firefox has finished loading the Valgrind docs page"): + with subtest("Wait until Firefox has finished loading the Valgrind docs page"): machine.execute( "xterm -e 'firefox file://${pkgs.valgrind.doc}/share/doc/valgrind/html/index.html' &" ) machine.wait_for_window("Valgrind") machine.sleep(40) + with subtest("Check whether Firefox can play sound"): + with audio_recording(machine): + machine.succeed( + "firefox file://${pkgs.sound-theme-freedesktop}/share/sounds/freedesktop/stereo/phone-incoming-call.oga &" + ) + wait_for_sound(machine) + machine.copy_from_vm("/tmp/record.wav") + + with subtest("Close sound test tab"): + machine.execute("xdotool key ctrl+w") + with subtest("Close default browser prompt"): machine.execute("xdotool key space") - with subtest("Hide default browser window"): - machine.sleep(2) - machine.execute("xdotool key F12") - - with subtest("wait until Firefox draws the developer tool panel"): + with subtest("Wait until Firefox draws the developer tool panel"): machine.sleep(10) machine.succeed("xwininfo -root -tree | grep Valgrind") machine.screenshot("screen") diff --git a/nixos/tests/ft2-clone.nix b/nixos/tests/ft2-clone.nix new file mode 100644 index 0000000000000..c877054234ec8 --- /dev/null +++ b/nixos/tests/ft2-clone.nix @@ -0,0 +1,35 @@ +import ./make-test-python.nix ({ pkgs, ... }: { + name = "ft2-clone"; + meta = with pkgs.lib.maintainers; { + maintainers = [ fgaz ]; + }; + + machine = { config, pkgs, ... }: { + imports = [ + ./common/x11.nix + ]; + + services.xserver.enable = true; + sound.enable = true; + environment.systemPackages = [ pkgs.ft2-clone ]; + }; + + enableOCR = true; + + testScript = + '' + machine.wait_for_x() + # Add a dummy sound card, or the program won't start + machine.execute("modprobe snd-dummy") + + machine.execute("ft2-clone &") + + machine.wait_for_window(r"Fasttracker") + machine.sleep(5) + # One of the few words that actually get recognized + if "Songlen" not in machine.get_screen_text(): + raise Exception("Program did not start successfully") + machine.screenshot("screen") + ''; +}) + diff --git a/nixos/tests/go-neb.nix b/nixos/tests/go-neb.nix index d9e5db0b4a534..531ab5a66714e 100644 --- a/nixos/tests/go-neb.nix +++ b/nixos/tests/go-neb.nix @@ -34,7 +34,7 @@ import ./make-test-python.nix ({ pkgs, ... }: start_all() server.wait_for_unit("go-neb.service") server.wait_until_succeeds( - "curl -L http://localhost:4050/services/hooks/d2lraXBlZGlhX3NlcnZpY2U" + "curl -fL http://localhost:4050/services/hooks/d2lraXBlZGlhX3NlcnZpY2U" ) server.wait_until_succeeds( "journalctl -eu go-neb -o cat | grep -q service_id=wikipedia_service" diff --git a/nixos/tests/hadoop/hdfs.nix b/nixos/tests/hadoop/hdfs.nix index 85aaab34b158f..f1f98ed42eb31 100644 --- a/nixos/tests/hadoop/hdfs.nix +++ b/nixos/tests/hadoop/hdfs.nix @@ -48,7 +48,7 @@ import ../make-test-python.nix ({...}: { datanode.wait_for_open_port(9866) datanode.wait_for_open_port(9867) - namenode.succeed("curl http://namenode:9870") - datanode.succeed("curl http://datanode:9864") + namenode.succeed("curl -f http://namenode:9870") + datanode.succeed("curl -f http://datanode:9864") ''; }) diff --git a/nixos/tests/hadoop/yarn.nix b/nixos/tests/hadoop/yarn.nix index 2264ecaff1555..01077245d3973 100644 --- a/nixos/tests/hadoop/yarn.nix +++ b/nixos/tests/hadoop/yarn.nix @@ -40,7 +40,7 @@ import ../make-test-python.nix ({...}: { nodemanager.wait_for_open_port(8042) nodemanager.wait_for_open_port(8041) - resourcemanager.succeed("curl http://localhost:8088") - nodemanager.succeed("curl http://localhost:8042") + resourcemanager.succeed("curl -f http://localhost:8088") + nodemanager.succeed("curl -f http://localhost:8042") ''; }) diff --git a/nixos/tests/haproxy.nix b/nixos/tests/haproxy.nix index ffb77c052a24b..2c3878131b68b 100644 --- a/nixos/tests/haproxy.nix +++ b/nixos/tests/haproxy.nix @@ -39,9 +39,9 @@ import ./make-test-python.nix ({ pkgs, ...}: { machine.wait_for_unit("multi-user.target") machine.wait_for_unit("haproxy.service") machine.wait_for_unit("httpd.service") - assert "We are all good!" in machine.succeed("curl -k http://localhost:80/index.txt") + assert "We are all good!" in machine.succeed("curl -fk http://localhost:80/index.txt") assert "haproxy_process_pool_allocated_bytes" in machine.succeed( - "curl -k http://localhost:80/metrics" + "curl -fk http://localhost:80/metrics" ) with subtest("reload"): @@ -49,7 +49,7 @@ import ./make-test-python.nix ({ pkgs, ...}: { # wait some time to ensure the following request hits the reloaded haproxy machine.sleep(5) assert "We are all good!" in machine.succeed( - "curl -k http://localhost:80/index.txt" + "curl -fk http://localhost:80/index.txt" ) ''; }) diff --git a/nixos/tests/hitch/default.nix b/nixos/tests/hitch/default.nix index 904d12619d70e..8a2193e75f2ac 100644 --- a/nixos/tests/hitch/default.nix +++ b/nixos/tests/hitch/default.nix @@ -28,6 +28,6 @@ import ../make-test-python.nix ({ pkgs, ... }: machine.wait_for_unit("multi-user.target") machine.wait_for_unit("hitch.service") machine.wait_for_open_port(443) - assert "We are all good!" in machine.succeed("curl -k https://localhost:443/index.txt") + assert "We are all good!" in machine.succeed("curl -fk https://localhost:443/index.txt") ''; }) diff --git a/nixos/tests/hound.nix b/nixos/tests/hound.nix index 27c65abdf27c3..b8b10022bd920 100644 --- a/nixos/tests/hound.nix +++ b/nixos/tests/hound.nix @@ -53,7 +53,7 @@ import ./make-test-python.nix ({ pkgs, ... } : { machine.wait_for_unit("hound.service") machine.wait_for_open_port(6080) machine.wait_until_succeeds( - "curl http://127.0.0.1:6080/api/v1/search\?stats\=fosho\&repos\=\*\&rng=%3A20\&q\=hi\&files\=\&i=nope | grep 'Filename' | grep 'hello'" + "curl -f http://127.0.0.1:6080/api/v1/search\?stats\=fosho\&repos\=\*\&rng=%3A20\&q\=hi\&files\=\&i=nope | grep 'Filename' | grep 'hello'" ) ''; }) diff --git a/nixos/tests/hydra/db-migration.nix b/nixos/tests/hydra/db-migration.nix deleted file mode 100644 index ca65e2e66aa1a..0000000000000 --- a/nixos/tests/hydra/db-migration.nix +++ /dev/null @@ -1,92 +0,0 @@ -{ system ? builtins.currentSystem -, pkgs ? import ../../.. { inherit system; } -, ... -}: - -let inherit (import ./common.nix { inherit system; }) baseConfig; in - -with import ../../lib/testing-python.nix { inherit system pkgs; }; -with pkgs.lib; - -{ mig = makeTest { - name = "hydra-db-migration"; - meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ ma27 ]; - }; - - nodes = { - original = { pkgs, lib, ... }: { - imports = [ baseConfig ]; - - # An older version of Hydra before the db change - # for testing purposes. - services.hydra.package = pkgs.hydra-migration.overrideAttrs (old: { - inherit (old) pname; - version = "2020-02-06"; - src = pkgs.fetchFromGitHub { - owner = "NixOS"; - repo = "hydra"; - rev = "2b4f14963b16b21ebfcd6b6bfa7832842e9b2afc"; - sha256 = "16q0cffcsfx5pqd91n9k19850c1nbh4vvbd9h8yi64ihn7v8bick"; - }; - }); - }; - - migration_phase1 = { pkgs, lib, ... }: { - imports = [ baseConfig ]; - services.hydra.package = pkgs.hydra-migration; - }; - - finished = { pkgs, lib, ... }: { - imports = [ baseConfig ]; - services.hydra.package = pkgs.hydra-unstable; - }; - }; - - testScript = { nodes, ... }: let - next = nodes.migration_phase1.config.system.build.toplevel; - finished = nodes.finished.config.system.build.toplevel; - in '' - original.start() - original.wait_for_unit("multi-user.target") - original.wait_for_unit("postgresql.service") - original.wait_for_unit("hydra-init.service") - original.require_unit_state("hydra-queue-runner.service") - original.require_unit_state("hydra-evaluator.service") - original.require_unit_state("hydra-notify.service") - original.succeed("hydra-create-user admin --role admin --password admin") - original.wait_for_open_port(3000) - original.succeed("create-trivial-project.sh") - original.wait_until_succeeds( - 'curl -L -s http://localhost:3000/build/1 -H "Accept: application/json" | jq .buildstatus | xargs test 0 -eq' - ) - - out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ builds\" -A'") - assert "jobset_id" not in out - - original.succeed( - "${next}/bin/switch-to-configuration test >&2" - ) - original.wait_for_unit("hydra-init.service") - - out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ builds\" -A'") - assert "jobset_id|integer|||" in out - - original.succeed("hydra-backfill-ids") - - original.succeed( - "${finished}/bin/switch-to-configuration test >&2" - ) - original.wait_for_unit("hydra-init.service") - - out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ builds\" -A'") - assert "jobset_id|integer||not null|" in out - - original.wait_until_succeeds( - 'curl -L -s http://localhost:3000/build/1 -H "Accept: application/json" | jq .buildstatus | xargs test 0 -eq' - ) - - original.shutdown() - ''; - }; -} diff --git a/nixos/tests/hydra/default.nix b/nixos/tests/hydra/default.nix index 2336e4033d6dc..e91a1cd3359d9 100644 --- a/nixos/tests/hydra/default.nix +++ b/nixos/tests/hydra/default.nix @@ -11,7 +11,7 @@ let inherit (import ./common.nix { inherit system; }) baseConfig; hydraPkgs = { - inherit (pkgs) hydra-migration hydra-unstable; + inherit (pkgs) hydra-unstable; }; makeHydraTest = with pkgs.lib; name: package: makeTest { diff --git a/nixos/tests/initrd-network-ssh/default.nix b/nixos/tests/initrd-network-ssh/default.nix index 017de6882081d..0ad0563b0ce15 100644 --- a/nixos/tests/initrd-network-ssh/default.nix +++ b/nixos/tests/initrd-network-ssh/default.nix @@ -22,6 +22,10 @@ import ../make-test-python.nix ({ lib, ... }: hostKeys = [ ./ssh_host_ed25519_key ]; }; }; + boot.initrd.extraUtilsCommands = '' + mkdir -p $out/secrets/etc/ssh + cat "${./ssh_host_ed25519_key}" > $out/secrets/etc/ssh/sh_host_ed25519_key + ''; boot.initrd.preLVMCommands = '' while true; do if [ -f fnord ]; then diff --git a/nixos/tests/installed-tests/default.nix b/nixos/tests/installed-tests/default.nix index 889a00d4b5686..50ca8ad2b50fb 100644 --- a/nixos/tests/installed-tests/default.nix +++ b/nixos/tests/installed-tests/default.nix @@ -101,5 +101,6 @@ in libxmlb = callInstalledTest ./libxmlb.nix {}; malcontent = callInstalledTest ./malcontent.nix {}; ostree = callInstalledTest ./ostree.nix {}; + pipewire = callInstalledTest ./pipewire.nix {}; xdg-desktop-portal = callInstalledTest ./xdg-desktop-portal.nix {}; } diff --git a/nixos/tests/installed-tests/pipewire.nix b/nixos/tests/installed-tests/pipewire.nix new file mode 100644 index 0000000000000..f4154b5d2fd7d --- /dev/null +++ b/nixos/tests/installed-tests/pipewire.nix @@ -0,0 +1,5 @@ +{ pkgs, lib, makeInstalledTest, ... }: + +makeInstalledTest { + tested = pkgs.pipewire; +} diff --git a/nixos/tests/keycloak.nix b/nixos/tests/keycloak.nix new file mode 100644 index 0000000000000..f448a0f7095f6 --- /dev/null +++ b/nixos/tests/keycloak.nix @@ -0,0 +1,144 @@ +# This tests Keycloak: it starts the service, creates a realm with an +# OIDC client and a user, and simulates the user logging in to the +# client using their Keycloak login. + +let + frontendUrl = "http://keycloak/auth"; + initialAdminPassword = "h4IhoJFnt2iQIR9"; + + keycloakTest = import ./make-test-python.nix ( + { pkgs, databaseType, ... }: + { + name = "keycloak"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ talyz ]; + }; + + nodes = { + keycloak = { ... }: { + virtualisation.memorySize = 1024; + services.keycloak = { + enable = true; + inherit frontendUrl databaseType initialAdminPassword; + databasePasswordFile = pkgs.writeText "dbPassword" "wzf6vOCbPp6cqTH"; + }; + environment.systemPackages = with pkgs; [ + xmlstarlet + libtidy + jq + ]; + }; + }; + + testScript = + let + client = { + clientId = "test-client"; + name = "test-client"; + redirectUris = [ "urn:ietf:wg:oauth:2.0:oob" ]; + }; + + user = { + firstName = "Chuck"; + lastName = "Testa"; + username = "chuck.testa"; + email = "chuck.testa@example.com"; + }; + + password = "password1234"; + + realm = { + enabled = true; + realm = "test-realm"; + clients = [ client ]; + users = [( + user // { + enabled = true; + credentials = [{ + type = "password"; + temporary = false; + value = password; + }]; + } + )]; + }; + + realmDataJson = pkgs.writeText "realm-data.json" (builtins.toJSON realm); + + jqCheckUserinfo = pkgs.writeText "check-userinfo.jq" '' + if { + "firstName": .given_name, + "lastName": .family_name, + "username": .preferred_username, + "email": .email + } != ${builtins.toJSON user} then + error("Wrong user info!") + else + empty + end + ''; + in '' + keycloak.start() + keycloak.wait_for_unit("keycloak.service") + keycloak.wait_until_succeeds("curl -sSf ${frontendUrl}") + + + ### Realm Setup ### + + # Get an admin interface access token + keycloak.succeed( + "curl -sSf -d 'client_id=admin-cli' -d 'username=admin' -d 'password=${initialAdminPassword}' -d 'grant_type=password' '${frontendUrl}/realms/master/protocol/openid-connect/token' | jq -r '\"Authorization: bearer \" + .access_token' >admin_auth_header" + ) + + # Publish the realm, including a test OIDC client and user + keycloak.succeed( + "curl -sSf -H @admin_auth_header -X POST -H 'Content-Type: application/json' -d @${realmDataJson} '${frontendUrl}/admin/realms/'" + ) + + # Generate and save the client secret. To do this we need + # Keycloak's internal id for the client. + keycloak.succeed( + "curl -sSf -H @admin_auth_header '${frontendUrl}/admin/realms/${realm.realm}/clients?clientId=${client.name}' | jq -r '.[].id' >client_id", + "curl -sSf -H @admin_auth_header -X POST '${frontendUrl}/admin/realms/${realm.realm}/clients/'$(<client_id)'/client-secret' | jq -r .value >client_secret", + ) + + + ### Authentication Testing ### + + # Start the login process by sending an initial request to the + # OIDC authentication endpoint, saving the returned page. Tidy + # up the HTML (XmlStarlet is picky) and extract the login form + # post url. + keycloak.succeed( + "curl -sSf -c cookie '${frontendUrl}/realms/${realm.realm}/protocol/openid-connect/auth?client_id=${client.name}&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=openid+email&response_type=code&response_mode=query&nonce=qw4o89g3qqm' >login_form", + "tidy -q -m login_form || true", + "xml sel -T -t -m \"_:html/_:body/_:div/_:div/_:div/_:div/_:div/_:div/_:form[@id='kc-form-login']\" -v @action login_form >form_post_url", + ) + + # Post the login form and save the response. Once again tidy up + # the HTML, then extract the authorization code. + keycloak.succeed( + "curl -sSf -L -b cookie -d 'username=${user.username}' -d 'password=${password}' -d 'credentialId=' \"$(<form_post_url)\" >auth_code_html", + "tidy -q -m auth_code_html || true", + "xml sel -T -t -m \"_:html/_:body/_:div/_:div/_:div/_:div/_:div/_:input[@id='code']\" -v @value auth_code_html >auth_code", + ) + + # Exchange the authorization code for an access token. + keycloak.succeed( + "curl -sSf -d grant_type=authorization_code -d code=$(<auth_code) -d client_id=${client.name} -d client_secret=$(<client_secret) -d redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob '${frontendUrl}/realms/${realm.realm}/protocol/openid-connect/token' | jq -r '\"Authorization: bearer \" + .access_token' >auth_header" + ) + + # Use the access token on the OIDC userinfo endpoint and check + # that the returned user info matches what we initialized the + # realm with. + keycloak.succeed( + "curl -sSf -H @auth_header '${frontendUrl}/realms/${realm.realm}/protocol/openid-connect/userinfo' | jq -f ${jqCheckUserinfo}" + ) + ''; + } + ); +in +{ + postgres = keycloakTest { databaseType = "postgresql"; }; + mysql = keycloakTest { databaseType = "mysql"; }; +} diff --git a/nixos/tests/leaps.nix b/nixos/tests/leaps.nix index ac0c602d44504..ec5b69a76290f 100644 --- a/nixos/tests/leaps.nix +++ b/nixos/tests/leaps.nix @@ -26,7 +26,7 @@ import ./make-test-python.nix ({ pkgs, ... }: server.wait_for_open_port(6666) client.wait_for_unit("network.target") assert "leaps" in client.succeed( - "${pkgs.curl}/bin/curl http://server:6666/leaps/" + "${pkgs.curl}/bin/curl -f http://server:6666/leaps/" ) ''; }) diff --git a/nixos/tests/limesurvey.nix b/nixos/tests/limesurvey.nix index 7228fcb833155..dad807fb73300 100644 --- a/nixos/tests/limesurvey.nix +++ b/nixos/tests/limesurvey.nix @@ -20,7 +20,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { machine.wait_for_unit("phpfpm-limesurvey.service") assert "The following surveys are available" in machine.succeed( - "curl http://example.local/" + "curl -f http://example.local/" ) ''; }) diff --git a/nixos/tests/loki.nix b/nixos/tests/loki.nix index dbf1e8a650f5d..eaee717cf87d8 100644 --- a/nixos/tests/loki.nix +++ b/nixos/tests/loki.nix @@ -12,15 +12,28 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: enable = true; configFile = "${pkgs.grafana-loki.src}/cmd/loki/loki-local-config.yaml"; }; - systemd.services.promtail = { - description = "Promtail service for Loki test"; - wantedBy = [ "multi-user.target" ]; - - serviceConfig = { - ExecStart = '' - ${pkgs.grafana-loki}/bin/promtail --config.file ${pkgs.grafana-loki.src}/cmd/promtail/promtail-local-config.yaml - ''; - DynamicUser = true; + services.promtail = { + enable = true; + configuration = { + server = { + http_listen_port = 9080; + grpc_listen_port = 0; + }; + clients = [ { url = "http://localhost:3100/loki/api/v1/push"; } ]; + scrape_configs = [ + { + job_name = "system"; + static_configs = [ + { + targets = [ "localhost" ]; + labels = { + job = "varlogs"; + __path__ = "/var/log/*log"; + }; + } + ]; + } + ]; }; }; }; diff --git a/nixos/tests/mailcatcher.nix b/nixos/tests/mailcatcher.nix index 2ef38544fe0a3..a55fba8a9950b 100644 --- a/nixos/tests/mailcatcher.nix +++ b/nixos/tests/mailcatcher.nix @@ -24,7 +24,7 @@ import ./make-test-python.nix ({ lib, ... }: 'echo "this is the body of the email" | mail -s "subject" root@example.org' ) assert "this is the body of the email" in machine.succeed( - "curl http://localhost:1080/messages/1.source" + "curl -f http://localhost:1080/messages/1.source" ) ''; }) diff --git a/nixos/tests/matrix-synapse.nix b/nixos/tests/matrix-synapse.nix index 9ca808721763d..6c8f1e188d528 100644 --- a/nixos/tests/matrix-synapse.nix +++ b/nixos/tests/matrix-synapse.nix @@ -77,12 +77,12 @@ in { start_all() serverpostgres.wait_for_unit("matrix-synapse.service") serverpostgres.wait_until_succeeds( - "curl -L --cacert ${ca_pem} https://localhost:8448/" + "curl --fail -L --cacert ${ca_pem} https://localhost:8448/" ) serverpostgres.require_unit_state("postgresql.service") serversqlite.wait_for_unit("matrix-synapse.service") serversqlite.wait_until_succeeds( - "curl -L --cacert ${ca_pem} https://localhost:8448/" + "curl --fail -L --cacert ${ca_pem} https://localhost:8448/" ) serversqlite.succeed("[ -e /var/lib/matrix-synapse/homeserver.db ]") ''; diff --git a/nixos/tests/mediawiki.nix b/nixos/tests/mediawiki.nix index 008682310cf65..702fefefa1610 100644 --- a/nixos/tests/mediawiki.nix +++ b/nixos/tests/mediawiki.nix @@ -22,7 +22,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { machine.wait_for_unit("phpfpm-mediawiki.service") - page = machine.succeed("curl -L http://localhost/") + page = machine.succeed("curl -fL http://localhost/") assert "MediaWiki has been installed" in page ''; }) diff --git a/nixos/tests/metabase.nix b/nixos/tests/metabase.nix index 1450a4e9086f1..65619cc793a74 100644 --- a/nixos/tests/metabase.nix +++ b/nixos/tests/metabase.nix @@ -15,6 +15,6 @@ import ./make-test-python.nix ({ pkgs, ... }: { start_all() machine.wait_for_unit("metabase.service") machine.wait_for_open_port(3000) - machine.wait_until_succeeds("curl -L http://localhost:3000/setup | grep Metabase") + machine.wait_until_succeeds("curl -fL http://localhost:3000/setup | grep Metabase") ''; }) diff --git a/nixos/tests/morty.nix b/nixos/tests/morty.nix index 64c5a27665d6c..ff30b7c072bb1 100644 --- a/nixos/tests/morty.nix +++ b/nixos/tests/morty.nix @@ -24,7 +24,7 @@ import ./make-test-python.nix ({ pkgs, ... }: '' mortyProxyWithKey.wait_for_unit("default.target") mortyProxyWithKey.wait_for_open_port(3001) - mortyProxyWithKey.succeed("curl -L 127.0.0.1:3001 | grep MortyProxy") + mortyProxyWithKey.succeed("curl -fL 127.0.0.1:3001 | grep MortyProxy") ''; }) diff --git a/nixos/tests/neo4j.nix b/nixos/tests/neo4j.nix index 32ee7f501b8bc..8329e5630d7af 100644 --- a/nixos/tests/neo4j.nix +++ b/nixos/tests/neo4j.nix @@ -15,6 +15,6 @@ import ./make-test-python.nix { master.wait_for_unit("neo4j") master.wait_for_open_port(7474) - master.succeed("curl http://localhost:7474/") + master.succeed("curl -f http://localhost:7474/") ''; } diff --git a/nixos/tests/nginx-auth.nix b/nixos/tests/nginx-auth.nix new file mode 100644 index 0000000000000..c0d24a20ddbcc --- /dev/null +++ b/nixos/tests/nginx-auth.nix @@ -0,0 +1,47 @@ +import ./make-test-python.nix ({ pkgs, ... }: { + name = "nginx-auth"; + + nodes = { + webserver = { pkgs, lib, ... }: { + services.nginx = let + root = pkgs.runCommand "testdir" {} '' + mkdir "$out" + echo hello world > "$out/index.html" + ''; + in { + enable = true; + + virtualHosts.lockedroot = { + inherit root; + basicAuth.alice = "jane"; + }; + + virtualHosts.lockedsubdir = { + inherit root; + locations."/sublocation/" = { + alias = "${root}/"; + basicAuth.bob = "john"; + }; + }; + }; + }; + }; + + testScript = '' + webserver.wait_for_unit("nginx") + webserver.wait_for_open_port(80) + + webserver.fail("curl --fail --resolve lockedroot:80:127.0.0.1 http://lockedroot") + webserver.succeed( + "curl --fail --resolve lockedroot:80:127.0.0.1 http://alice:jane@lockedroot" + ) + + webserver.succeed("curl --fail --resolve lockedsubdir:80:127.0.0.1 http://lockedsubdir") + webserver.fail( + "curl --fail --resolve lockedsubdir:80:127.0.0.1 http://lockedsubdir/sublocation/index.html" + ) + webserver.succeed( + "curl --fail --resolve lockedsubdir:80:127.0.0.1 http://bob:john@lockedsubdir/sublocation/index.html" + ) + ''; +}) diff --git a/nixos/tests/nixos-generate-config.nix b/nixos/tests/nixos-generate-config.nix index 6c83ccecc70a0..5daa55a8abbea 100644 --- a/nixos/tests/nixos-generate-config.nix +++ b/nixos/tests/nixos-generate-config.nix @@ -7,8 +7,16 @@ import ./make-test-python.nix ({ lib, ... } : { { config, pkgs, ... }: { imports = [ ./hardware-configuration.nix ]; $bootLoaderConfig + $desktopConfiguration } ''; + + system.nixos-generate-config.desktopConfiguration = '' + # DESKTOP + # services.xserver.enable = true; + # services.xserver.displayManager.gdm.enable = true; + # services.xserver.desktopManager.gnome3.enable = true; + ''; }; testScript = '' start_all() @@ -18,9 +26,17 @@ import ./make-test-python.nix ({ lib, ... } : { # Test if the configuration really is overridden machine.succeed("grep 'OVERRIDDEN' /etc/nixos/configuration.nix") + # Test if desktop configuration really is overridden + machine.succeed("grep 'DESKTOP' /etc/nixos/configuration.nix") + # Test of if the Perl variable $bootLoaderConfig is spliced correctly: machine.succeed( "grep 'boot\\.loader\\.grub\\.enable = true;' /etc/nixos/configuration.nix" ) + + # Test if the Perl variable $desktopConfiguration is spliced correctly + machine.succeed( + "grep 'services\\.xserver\\.desktopManager\\.gnome3\\.enable = true;' /etc/nixos/configuration.nix" + ) ''; }) diff --git a/nixos/tests/nzbget.nix b/nixos/tests/nzbget.nix index 12d8ed6ea8da1..b39c9b035e612 100644 --- a/nixos/tests/nzbget.nix +++ b/nixos/tests/nzbget.nix @@ -21,7 +21,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { server.wait_for_unit("network.target") server.wait_for_open_port(6789) assert "This file is part of nzbget" in server.succeed( - "curl -s -u nzbget:tegbzn6789 http://127.0.0.1:6789" + "curl -f -s -u nzbget:tegbzn6789 http://127.0.0.1:6789" ) server.succeed( "${pkgs.nzbget}/bin/nzbget -n -o Control_iP=127.0.0.1 -o Control_port=6789 -o Control_password=tegbzn6789 -V" diff --git a/nixos/tests/oci-containers.nix b/nixos/tests/oci-containers.nix index bb6c019f07c99..0dfc7ffb276be 100644 --- a/nixos/tests/oci-containers.nix +++ b/nixos/tests/oci-containers.nix @@ -32,7 +32,7 @@ let start_all() ${backend}.wait_for_unit("${backend}-nginx.service") ${backend}.wait_for_open_port(8181) - ${backend}.wait_until_succeeds("curl http://localhost:8181 | grep Hello") + ${backend}.wait_until_succeeds("curl -f http://localhost:8181 | grep Hello") ''; }; diff --git a/nixos/tests/oh-my-zsh.nix b/nixos/tests/oh-my-zsh.nix new file mode 100644 index 0000000000000..57a073b086e88 --- /dev/null +++ b/nixos/tests/oh-my-zsh.nix @@ -0,0 +1,18 @@ +import ./make-test-python.nix ({ pkgs, ... }: { + name = "oh-my-zsh"; + + machine = { pkgs, ... }: + + { + programs.zsh = { + enable = true; + ohMyZsh.enable = true; + }; + }; + + testScript = '' + start_all() + machine.succeed("touch ~/.zshrc") + machine.succeed("zsh -c 'source /etc/zshrc && echo $ZSH | grep oh-my-zsh-${pkgs.oh-my-zsh.version}'") + ''; +}) diff --git a/nixos/tests/osrm-backend.nix b/nixos/tests/osrm-backend.nix index db67a5a589f9d..4067d5b1a239a 100644 --- a/nixos/tests/osrm-backend.nix +++ b/nixos/tests/osrm-backend.nix @@ -48,10 +48,10 @@ in { machine.wait_for_unit("osrm.service") machine.wait_for_open_port(${toString port}) assert "Boulevard Rainier III" in machine.succeed( - "curl --silent '${query}' | jq .waypoints[0].name" + "curl --fail --silent '${query}' | jq .waypoints[0].name" ) assert "Avenue de la Costa" in machine.succeed( - "curl --silent '${query}' | jq .waypoints[1].name" + "curl --fail --silent '${query}' | jq .waypoints[1].name" ) ''; }) diff --git a/nixos/tests/paperless.nix b/nixos/tests/paperless.nix index 355e7041d3fe2..fb83e6f976de6 100644 --- a/nixos/tests/paperless.nix +++ b/nixos/tests/paperless.nix @@ -23,14 +23,14 @@ import ./make-test-python.nix ({ lib, ... } : { with subtest("Service gets ready"): machine.wait_for_unit("paperless-server.service") # Wait until server accepts connections - machine.wait_until_succeeds("curl -s localhost:28981") + machine.wait_until_succeeds("curl -fs localhost:28981") with subtest("Test document is consumed"): machine.wait_until_succeeds( - "(($(curl -s localhost:28981/api/documents/ | jq .count) == 1))" + "(($(curl -fs localhost:28981/api/documents/ | jq .count) == 1))" ) assert "2005-10-16" in machine.succeed( - "curl -s localhost:28981/api/documents/ | jq '.results | .[0] | .created'" + "curl -fs localhost:28981/api/documents/ | jq '.results | .[0] | .created'" ) ''; }) diff --git a/nixos/tests/peerflix.nix b/nixos/tests/peerflix.nix index 37628604d49b5..6e534dedc4715 100644 --- a/nixos/tests/peerflix.nix +++ b/nixos/tests/peerflix.nix @@ -18,6 +18,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { start_all() peerflix.wait_for_unit("peerflix.service") - peerflix.wait_until_succeeds("curl localhost:9000") + peerflix.wait_until_succeeds("curl -f localhost:9000") ''; }) diff --git a/nixos/tests/php/fpm.nix b/nixos/tests/php/fpm.nix index 513abd9437378..9ad515ebdde06 100644 --- a/nixos/tests/php/fpm.nix +++ b/nixos/tests/php/fpm.nix @@ -43,7 +43,7 @@ import ../make-test-python.nix ({pkgs, lib, ...}: { machine.wait_for_unit("phpfpm-foobar.service") # Check so we get an evaluated PHP back - response = machine.succeed("curl -vvv -s http://127.0.0.1:80/") + response = machine.succeed("curl -fvvv -s http://127.0.0.1:80/") assert "PHP Version ${pkgs.php.version}" in response, "PHP version not detected" # Check so we have database and some other extensions loaded diff --git a/nixos/tests/php/httpd.nix b/nixos/tests/php/httpd.nix index 1092e0ecadd39..27ea7a24e3a99 100644 --- a/nixos/tests/php/httpd.nix +++ b/nixos/tests/php/httpd.nix @@ -21,7 +21,7 @@ import ../make-test-python.nix ({pkgs, lib, ...}: { machine.wait_for_unit("httpd.service") # Check so we get an evaluated PHP back - response = machine.succeed("curl -vvv -s http://127.0.0.1:80/") + response = machine.succeed("curl -fvvv -s http://127.0.0.1:80/") assert "PHP Version ${pkgs.php.version}" in response, "PHP version not detected" # Check so we have database and some other extensions loaded diff --git a/nixos/tests/php/pcre.nix b/nixos/tests/php/pcre.nix index 3dd0964e60fbe..3ea19304bffd5 100644 --- a/nixos/tests/php/pcre.nix +++ b/nixos/tests/php/pcre.nix @@ -32,7 +32,7 @@ in import ../make-test-python.nix ({lib, ...}: { '' machine.wait_for_unit("httpd.service") # Ensure php evaluation by matching on the var_dump syntax - response = machine.succeed("curl -vvv -s http://127.0.0.1:80/index.php") + response = machine.succeed("curl -fvvv -s http://127.0.0.1:80/index.php") expected = 'string(${toString (builtins.stringLength testString)}) "${testString}"' assert expected in response, "Does not appear to be able to use subgroups." ''; diff --git a/nixos/tests/powerdns.nix b/nixos/tests/powerdns.nix index 75d71315e644d..d025934ad2b37 100644 --- a/nixos/tests/powerdns.nix +++ b/nixos/tests/powerdns.nix @@ -1,13 +1,65 @@ -import ./make-test-python.nix ({ pkgs, ... }: { +# This test runs PowerDNS authoritative server with the +# generic MySQL backend (gmysql) to connect to a +# MariaDB server using UNIX sockets authentication. + +import ./make-test-python.nix ({ pkgs, lib, ... }: { name = "powerdns"; nodes.server = { ... }: { services.powerdns.enable = true; - environment.systemPackages = [ pkgs.dnsutils ]; + services.powerdns.extraConfig = '' + launch=gmysql + gmysql-user=pdns + ''; + + services.mysql = { + enable = true; + package = pkgs.mariadb; + ensureDatabases = [ "powerdns" ]; + ensureUsers = lib.singleton + { name = "pdns"; + ensurePermissions = { "powerdns.*" = "ALL PRIVILEGES"; }; + }; + }; + + environment.systemPackages = with pkgs; + [ dnsutils powerdns mariadb ]; }; testScript = '' - server.wait_for_unit("pdns") - server.succeed("dig version.bind txt chaos \@127.0.0.1") + import re + + with subtest("PowerDNS database exists"): + server.wait_for_unit("mysql") + server.succeed("echo 'SHOW DATABASES;' | sudo -u pdns mysql -u pdns >&2") + + with subtest("Loading the MySQL schema works"): + server.succeed( + "sudo -u pdns mysql -u pdns -D powerdns <" + "${pkgs.powerdns}/share/doc/pdns/schema.mysql.sql" + ) + + with subtest("PowerDNS server starts"): + server.wait_for_unit("pdns") + server.succeed("dig version.bind txt chaos @127.0.0.1 >&2") + + with subtest("Adding an example zone works"): + # Extract configuration file needed by pdnsutil + unit = server.succeed("systemctl cat pdns") + conf = re.search("(--config-dir=[^ ]+)", unit).group(1) + pdnsutil = "sudo -u pdns pdnsutil " + conf + server.succeed(f"{pdnsutil} create-zone example.com ns1.example.com") + server.succeed(f"{pdnsutil} add-record example.com ns1 A 192.168.1.2") + + with subtest("Querying the example zone works"): + reply = server.succeed("dig +noall +answer ns1.example.com @127.0.0.1") + assert ( + "192.168.1.2" in reply + ), f"""" + The reply does not contain the expected IP address: + Expected: + ns1.example.com. 3600 IN A 192.168.1.2 + Reply: + {reply}""" ''; }) diff --git a/nixos/tests/prometheus-exporters.nix b/nixos/tests/prometheus-exporters.nix index 53080403dd64b..0b9957404f3b4 100644 --- a/nixos/tests/prometheus-exporters.nix +++ b/nixos/tests/prometheus-exporters.nix @@ -563,6 +563,37 @@ let ''; }; + rtl_433 = { + exporterConfig = { + enable = true; + }; + metricProvider = { + # Mock rtl_433 binary to return a dummy metric stream. + nixpkgs.overlays = [ (self: super: { + rtl_433 = self.runCommand "rtl_433" {} '' + mkdir -p "$out/bin" + cat <<EOF > "$out/bin/rtl_433" + #!/bin/sh + while true; do + printf '{"time" : "2020-04-26 13:37:42", "model" : "zopieux", "id" : 55, "channel" : 3, "temperature_C" : 18.000}\n' + sleep 4 + done + EOF + chmod +x "$out/bin/rtl_433" + ''; + }) ]; + }; + exporterTest = '' + wait_for_unit("prometheus-rtl_433-exporter.service") + wait_for_open_port(9550) + wait_until_succeeds( + "curl -sSf localhost:9550/metrics | grep -q '{}'".format( + 'rtl_433_temperature_celsius{channel="3",id="55",location="",model="zopieux"} 18' + ) + ) + ''; + }; + snmp = { exporterConfig = { enable = true; diff --git a/nixos/tests/prometheus.nix b/nixos/tests/prometheus.nix index af2aa66a55266..6881c659e6d0c 100644 --- a/nixos/tests/prometheus.nix +++ b/nixos/tests/prometheus.nix @@ -19,7 +19,6 @@ let secret_key = s3.secretKey; insecure = true; signature_version2 = false; - encrypt_sse = false; put_user_metadata = {}; http_config = { idle_conn_timeout = "0s"; @@ -193,13 +192,13 @@ in import ./make-test-python.nix { # Check if prometheus responds to requests: prometheus.wait_for_unit("prometheus.service") prometheus.wait_for_open_port(${toString queryPort}) - prometheus.succeed("curl -s http://127.0.0.1:${toString queryPort}/metrics") + prometheus.succeed("curl -sf http://127.0.0.1:${toString queryPort}/metrics") # Let's test if pushing a metric to the pushgateway succeeds: prometheus.wait_for_unit("pushgateway.service") prometheus.succeed( "echo 'some_metric 3.14' | " - + "curl --data-binary \@- " + + "curl -f --data-binary \@- " + "http://127.0.0.1:${toString pushgwPort}/metrics/job/some_job" ) diff --git a/nixos/tests/sanoid.nix b/nixos/tests/sanoid.nix index 284b38932cceb..66ddaad60ea25 100644 --- a/nixos/tests/sanoid.nix +++ b/nixos/tests/sanoid.nix @@ -38,7 +38,7 @@ in { services.syncoid = { enable = true; - sshKey = "/root/.ssh/id_ecdsa"; + sshKey = "/var/lib/syncoid/id_ecdsa"; commonArgs = [ "--no-sync-snap" ]; commands."pool/test".target = "root@target:pool/test"; }; @@ -69,11 +69,12 @@ in { "udevadm settle", ) - source.succeed("mkdir -m 700 /root/.ssh") source.succeed( - "cat '${snakeOilPrivateKey}' > /root/.ssh/id_ecdsa" + "mkdir -m 700 -p /var/lib/syncoid", + "cat '${snakeOilPrivateKey}' > /var/lib/syncoid/id_ecdsa", + "chmod 600 /var/lib/syncoid/id_ecdsa", + "chown -R syncoid:syncoid /var/lib/syncoid/", ) - source.succeed("chmod 600 /root/.ssh/id_ecdsa") source.succeed("touch /tmp/mnt/test.txt") source.systemctl("start --wait sanoid.service") diff --git a/nixos/tests/sbt.nix b/nixos/tests/sbt.nix new file mode 100644 index 0000000000000..004d9c2e140a0 --- /dev/null +++ b/nixos/tests/sbt.nix @@ -0,0 +1,18 @@ +import ./make-test-python.nix ({ pkgs, ...} : { + name = "sbt"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ nequissimus ]; + }; + + machine = { pkgs, ... }: + { + environment.systemPackages = [ pkgs.sbt ]; + }; + + testScript = + '' + machine.succeed( + "(sbt --offline --version 2>&1 || true) | grep 'getting org.scala-sbt sbt ${pkgs.sbt.version} (this may take some time)'" + ) + ''; +}) diff --git a/nixos/tests/scala.nix b/nixos/tests/scala.nix new file mode 100644 index 0000000000000..f99d9e563ffe3 --- /dev/null +++ b/nixos/tests/scala.nix @@ -0,0 +1,33 @@ +{ system ? builtins.currentSystem, + config ? {}, + pkgs ? import ../.. { inherit system config; } +}: + +with pkgs.lib; + +let + common = name: package: (import ./make-test-python.nix ({ + inherit name; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ nequissimus ]; + }; + + nodes = { + scala = { ... }: { + environment.systemPackages = [ package ]; + }; + }; + + testScript = '' + start_all() + + scala.succeed("scalac -version 2>&1 | grep '^Scala compiler version ${package.version}'") + ''; + }) { inherit system; }); + +in with pkgs; { + scala_2_10 = common "scala_2_10" scala_2_10; + scala_2_11 = common "scala_2_11" scala_2_11; + scala_2_12 = common "scala_2_12" scala_2_12; + scala_2_13 = common "scala_2_13" scala_2_13; +} diff --git a/nixos/tests/service-runner.nix b/nixos/tests/service-runner.nix index 39ae66fe1116e..55fbbb7293445 100644 --- a/nixos/tests/service-runner.nix +++ b/nixos/tests/service-runner.nix @@ -29,7 +29,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { """ ) machine.wait_for_open_port(80) - machine.succeed(f"curl {url}") + machine.succeed(f"curl -f {url}") machine.succeed("kill -INT $(cat my-nginx.pid)") machine.wait_for_closed_port(80) ''; diff --git a/nixos/tests/spacecookie.nix b/nixos/tests/spacecookie.nix index 6eff32a2e75d7..5b5022a742787 100644 --- a/nixos/tests/spacecookie.nix +++ b/nixos/tests/spacecookie.nix @@ -32,7 +32,7 @@ in ${gopherHost}.wait_for_unit("spacecookie.service") client.wait_for_unit("network.target") - fileResponse = client.succeed("curl -s gopher://${gopherHost}//${fileName}") + fileResponse = client.succeed("curl -f -s gopher://${gopherHost}//${fileName}") # the file response should return our created file exactly if not (fileResponse == "${fileContent}\n"): @@ -41,7 +41,7 @@ in # sanity check on the directory listing: we serve a directory and a file # via gopher, so the directory listing should have exactly two entries, # one with gopher file type 0 (file) and one with file type 1 (directory). - dirResponse = client.succeed("curl -s gopher://${gopherHost}") + dirResponse = client.succeed("curl -f -s gopher://${gopherHost}") dirEntries = [l[0] for l in dirResponse.split("\n") if len(l) > 0] dirEntries.sort() diff --git a/nixos/tests/sslh.nix b/nixos/tests/sslh.nix index 2a800aa52d0aa..17094606e8e6b 100644 --- a/nixos/tests/sslh.nix +++ b/nixos/tests/sslh.nix @@ -78,6 +78,6 @@ import ./make-test-python.nix { server.succeed(f"grep '{ip}' /tmp/foo{arg}") # check that http through sslh works - assert client.succeed(f"curl {arg} http://server:443").strip() == "hello world" + assert client.succeed(f"curl -f {arg} http://server:443").strip() == "hello world" ''; } diff --git a/nixos/tests/sympa.nix b/nixos/tests/sympa.nix index 280691f7cb402..eb38df180a789 100644 --- a/nixos/tests/sympa.nix +++ b/nixos/tests/sympa.nix @@ -30,7 +30,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { machine.wait_for_unit("sympa.service") machine.wait_for_unit("wwsympa.service") assert "Mailing lists service" in machine.succeed( - "curl --insecure -L http://localhost/" + "curl --fail --insecure -L http://localhost/" ) ''; }) diff --git a/nixos/tests/syncthing-relay.nix b/nixos/tests/syncthing-relay.nix index cd72ef1cbe1de..c144bf7fca372 100644 --- a/nixos/tests/syncthing-relay.nix +++ b/nixos/tests/syncthing-relay.nix @@ -19,7 +19,7 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: { machine.wait_for_open_port(12346) out = machine.succeed( - "curl -sS http://localhost:12346/status | jq -r '.options.\"provided-by\"'" + "curl -sSf http://localhost:12346/status | jq -r '.options.\"provided-by\"'" ) assert "nixos-test" in out ''; diff --git a/nixos/tests/syncthing.nix b/nixos/tests/syncthing.nix index 9e2a8e01e3fb8..ac9df5e50c8c1 100644 --- a/nixos/tests/syncthing.nix +++ b/nixos/tests/syncthing.nix @@ -25,7 +25,7 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: { "xmllint --xpath 'string(configuration/gui/apikey)' %s/config.xml" % confdir ).strip() oldConf = host.succeed( - "curl -Ss -H 'X-API-Key: %s' 127.0.0.1:8384/rest/system/config" % APIKey + "curl -Ssf -H 'X-API-Key: %s' 127.0.0.1:8384/rest/system/config" % APIKey ) conf = json.loads(oldConf) conf["devices"].append({"deviceID": deviceID, "id": name}) @@ -39,7 +39,7 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: { ) newConf = json.dumps(conf) host.succeed( - "curl -Ss -H 'X-API-Key: %s' 127.0.0.1:8384/rest/system/config -d %s" + "curl -Ssf -H 'X-API-Key: %s' 127.0.0.1:8384/rest/system/config -d %s" % (APIKey, shlex.quote(newConf)) ) diff --git a/nixos/tests/systemd-networkd-vrf.nix b/nixos/tests/systemd-networkd-vrf.nix index bd4751f8e4359..9f09d801f77ac 100644 --- a/nixos/tests/systemd-networkd-vrf.nix +++ b/nixos/tests/systemd-networkd-vrf.nix @@ -38,14 +38,14 @@ in { matchConfig.Name = "vrf1"; networkConfig.IPForward = "yes"; routes = [ - { routeConfig = { Destination = "192.168.1.2"; Metric = "100"; }; } + { routeConfig = { Destination = "192.168.1.2"; Metric = 100; }; } ]; }; networks."10-vrf2" = { matchConfig.Name = "vrf2"; networkConfig.IPForward = "yes"; routes = [ - { routeConfig = { Destination = "192.168.2.3"; Metric = "100"; }; } + { routeConfig = { Destination = "192.168.2.3"; Metric = 100; }; } ]; }; diff --git a/nixos/tests/trac.nix b/nixos/tests/trac.nix index 7953f8d41f771..af7182d1e185c 100644 --- a/nixos/tests/trac.nix +++ b/nixos/tests/trac.nix @@ -14,6 +14,6 @@ import ./make-test-python.nix ({ pkgs, ... }: { start_all() machine.wait_for_unit("trac.service") machine.wait_for_open_port(8000) - machine.wait_until_succeeds("curl -L http://localhost:8000/ | grep 'Trac Powered'") + machine.wait_until_succeeds("curl -fL http://localhost:8000/ | grep 'Trac Powered'") ''; }) diff --git a/nixos/tests/trezord.nix b/nixos/tests/trezord.nix index b7b3dd31942bb..7c8370f409ed4 100644 --- a/nixos/tests/trezord.nix +++ b/nixos/tests/trezord.nix @@ -14,6 +14,6 @@ import ./make-test-python.nix ({ pkgs, ... }: { start_all() machine.wait_for_unit("trezord.service") machine.wait_for_open_port(21325) - machine.wait_until_succeeds("curl -L http://localhost:21325/status/ | grep Version") + machine.wait_until_succeeds("curl -fL http://localhost:21325/status/ | grep Version") ''; }) diff --git a/nixos/tests/trickster.nix b/nixos/tests/trickster.nix index 713ac8f0b2fae..e32f919a1ada9 100644 --- a/nixos/tests/trickster.nix +++ b/nixos/tests/trickster.nix @@ -19,19 +19,19 @@ import ./make-test-python.nix ({ pkgs, ... }: { prometheus.wait_for_unit("prometheus.service") prometheus.wait_for_open_port(9090) prometheus.wait_until_succeeds( - "curl -L http://localhost:9090/metrics | grep 'promhttp_metric_handler_requests_total{code=\"500\"} 0'" + "curl -fL http://localhost:9090/metrics | grep 'promhttp_metric_handler_requests_total{code=\"500\"} 0'" ) trickster.wait_for_unit("trickster.service") trickster.wait_for_open_port(8082) trickster.wait_for_open_port(9090) trickster.wait_until_succeeds( - "curl -L http://localhost:8082/metrics | grep 'promhttp_metric_handler_requests_total{code=\"500\"} 0'" + "curl -fL http://localhost:8082/metrics | grep 'promhttp_metric_handler_requests_total{code=\"500\"} 0'" ) trickster.wait_until_succeeds( - "curl -L http://prometheus:9090/metrics | grep 'promhttp_metric_handler_requests_total{code=\"500\"} 0'" + "curl -fL http://prometheus:9090/metrics | grep 'promhttp_metric_handler_requests_total{code=\"500\"} 0'" ) trickster.wait_until_succeeds( - "curl -L http://localhost:9090/metrics | grep 'promhttp_metric_handler_requests_total{code=\"500\"} 0'" + "curl -fL http://localhost:9090/metrics | grep 'promhttp_metric_handler_requests_total{code=\"500\"} 0'" ) ''; }) diff --git a/nixos/tests/upnp.nix b/nixos/tests/upnp.nix index a7d837ea0708e..046c0a56b2a76 100644 --- a/nixos/tests/upnp.nix +++ b/nixos/tests/upnp.nix @@ -90,7 +90,7 @@ in client1.succeed("upnpc -a ${internalClient1Address} 9000 9000 TCP") client1.wait_for_unit("httpd") - client2.wait_until_succeeds("curl http://${externalRouterAddress}:9000/") + client2.wait_until_succeeds("curl -f http://${externalRouterAddress}:9000/") ''; }) diff --git a/nixos/tests/uwsgi.nix b/nixos/tests/uwsgi.nix index 78a87147f55cd..7f4945a88030f 100644 --- a/nixos/tests/uwsgi.nix +++ b/nixos/tests/uwsgi.nix @@ -33,6 +33,6 @@ import ./make-test-python.nix ({ pkgs, ... }: machine.wait_for_unit("multi-user.target") machine.wait_for_unit("uwsgi.service") machine.wait_for_open_port(8000) - assert "Hello World" in machine.succeed("curl -v 127.0.0.1:8000") + assert "Hello World" in machine.succeed("curl -fv 127.0.0.1:8000") ''; }) diff --git a/nixos/tests/victoriametrics.nix b/nixos/tests/victoriametrics.nix index 73ef8b7286153..fff8d7005da17 100644 --- a/nixos/tests/victoriametrics.nix +++ b/nixos/tests/victoriametrics.nix @@ -19,9 +19,11 @@ import ./make-test-python.nix ({ pkgs, ...} : { # write some points and run simple query out = one.succeed( - "curl -d 'measurement,tag1=value1,tag2=value2 field1=123,field2=1.23' -X POST 'http://localhost:8428/write'" + "curl -f -d 'measurement,tag1=value1,tag2=value2 field1=123,field2=1.23' -X POST 'http://localhost:8428/write'" + ) + cmd = ( + """curl -f -s -G 'http://localhost:8428/api/v1/export' -d 'match={__name__!=""}'""" ) - cmd = """curl -s -G 'http://localhost:8428/api/v1/export' -d 'match={__name__!=""}'""" # data takes a while to appear one.wait_until_succeeds(f"[[ $({cmd} | wc -l) -ne 0 ]]") out = one.succeed(cmd) diff --git a/nixos/tests/web-servers/unit-php.nix b/nixos/tests/web-servers/unit-php.nix index 2a0a5bdaa5d51..033036ee76673 100644 --- a/nixos/tests/web-servers/unit-php.nix +++ b/nixos/tests/web-servers/unit-php.nix @@ -47,7 +47,7 @@ in { machine.wait_for_unit("unit.service") # Check so we get an evaluated PHP back - response = machine.succeed("curl -vvv -s http://127.0.0.1:9074/") + response = machine.succeed("curl -f -vvv -s http://127.0.0.1:9074/") assert "PHP Version ${pkgs.unit.usedPhp74.version}" in response, "PHP version not detected" # Check so we have database and some other extensions loaded diff --git a/nixos/tests/wordpress.nix b/nixos/tests/wordpress.nix index b7449859f7e62..5d740502bb572 100644 --- a/nixos/tests/wordpress.nix +++ b/nixos/tests/wordpress.nix @@ -40,7 +40,7 @@ import ./make-test-python.nix ({ pkgs, ... }: with subtest("website returns welcome screen"): for site_name in site_names: - assert "Welcome to the famous" in machine.succeed(f"curl -L {site_name}") + assert "Welcome to the famous" in machine.succeed(f"curl -fL {site_name}") with subtest("wordpress-init went through"): for site_name in site_names: diff --git a/nixos/tests/xmonad.nix b/nixos/tests/xmonad.nix index 56baae8b9d3cd..308dbca154fd4 100644 --- a/nixos/tests/xmonad.nix +++ b/nixos/tests/xmonad.nix @@ -14,9 +14,16 @@ import ./make-test-python.nix ({ pkgs, ...} : { extraPackages = with pkgs.haskellPackages; haskellPackages: [ xmobar ]; config = '' import XMonad + import XMonad.Operations (restart) import XMonad.Util.EZConfig - main = launch $ def `additionalKeysP` myKeys - myKeys = [ ("M-C-x", spawn "xterm") ] + import XMonad.Util.SessionStart + + main = launch $ def { startupHook = startup } `additionalKeysP` myKeys + + startup = isSessionStart >>= \sessInit -> + if sessInit then setSessionStarted else spawn "xterm" + + myKeys = [ ("M-C-x", spawn "xterm"), ("M-q", restart "xmonad" True) ] ''; }; }; @@ -30,12 +37,11 @@ import ./make-test-python.nix ({ pkgs, ...} : { machine.send_key("alt-ctrl-x") machine.wait_for_window("${user.name}.*machine") machine.sleep(1) - machine.screenshot("terminal") - machine.wait_until_succeeds("xmonad --restart") + machine.screenshot("terminal1") + machine.send_key("alt-q") machine.sleep(3) - machine.send_key("alt-shift-ret") machine.wait_for_window("${user.name}.*machine") machine.sleep(1) - machine.screenshot("terminal") + machine.screenshot("terminal2") ''; }) |