From 37bbc00aee3f4a07e4b3b5e50bef0d58d603c039 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sun, 5 Feb 2023 20:22:12 +0100 Subject: nixosTests.google-oslogin: fix tests, provide group mock endpoint If our (fake) metadata server provides a 404 instead of a JSON document, the NSS module segfaults, and as we do NSS lookups through ns(n)cd, not only crashes the application doing the NSS lookup, but our ns(n)cd. This has been causing segfaults of nscd all along, but since our switch from glibc-nscd to nsncd, caused the test to fail entirely. In any case, by handling /computeMetadata/v1/oslogin/groups we get the NSS lookup to not cause any segfaults, and to succeed the test again. --- nixos/tests/google-oslogin/server.py | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'nixos/tests') diff --git a/nixos/tests/google-oslogin/server.py b/nixos/tests/google-oslogin/server.py index 5ea9bbd2c96ba..622cd86b26195 100755 --- a/nixos/tests/google-oslogin/server.py +++ b/nixos/tests/google-oslogin/server.py @@ -103,6 +103,16 @@ class ReqHandler(BaseHTTPRequestHandler): self._send_json_ok(gen_mockuser(username=username, uid=uid, gid=uid, home_directory=f"/home/{username}", snakeoil_pubkey=SNAKEOIL_PUBLIC_KEY)) return + # we need to provide something at the groups endpoint. + # the nss module does segfault if we don't. + elif pu.path == "/computeMetadata/v1/oslogin/groups": + self._send_json_ok({ + "posixGroups": [ + {"name" : "demo", "gid" : 4294967295} + ], + }) + return + # authorize endpoint elif pu.path == "/computeMetadata/v1/oslogin/authorize": # is user allowed to login? -- cgit 1.4.1