Merge pull request #151145 from zhaofengli/unifi5-log4j-new-mitigation
unifi5: Follow new mitigation guidelines
This commit is contained in:
commit
0b738b87db
4 changed files with 49 additions and 6 deletions
|
@ -7,7 +7,6 @@ let
|
|||
@${cfg.jrePackage}/bin/java java \
|
||||
${optionalString (cfg.initialJavaHeapSize != null) "-Xms${(toString cfg.initialJavaHeapSize)}m"} \
|
||||
${optionalString (cfg.maximumJavaHeapSize != null) "-Xmx${(toString cfg.maximumJavaHeapSize)}m"} \
|
||||
${optionalString (lib.versionOlder cfg.unifiPackage.version "6.5.54") "-Dlog4j2.formatMsgNoLookups=true"} \
|
||||
-jar ${stateDir}/lib/ace.jar
|
||||
'';
|
||||
in
|
||||
|
|
|
@ -485,6 +485,7 @@ in
|
|||
ucarp = handleTest ./ucarp.nix {};
|
||||
udisks2 = handleTest ./udisks2.nix {};
|
||||
unbound = handleTest ./unbound.nix {};
|
||||
unifi = handleTest ./unifi.nix {};
|
||||
unit-php = handleTest ./web-servers/unit-php.nix {};
|
||||
upnp = handleTest ./upnp.nix {};
|
||||
usbguard = handleTest ./usbguard.nix {};
|
||||
|
|
35
nixos/tests/unifi.nix
Normal file
35
nixos/tests/unifi.nix
Normal file
|
@ -0,0 +1,35 @@
|
|||
# Test UniFi controller
|
||||
|
||||
{ system ? builtins.currentSystem
|
||||
, config ? { allowUnfree = true; }
|
||||
, pkgs ? import ../.. { inherit system config; }
|
||||
}:
|
||||
|
||||
with import ../lib/testing-python.nix { inherit system pkgs; };
|
||||
with pkgs.lib;
|
||||
|
||||
let
|
||||
makeAppTest = unifi: makeTest {
|
||||
name = "unifi-controller-${unifi.version}";
|
||||
meta = with pkgs.lib.maintainers; {
|
||||
maintainers = [ zhaofengli ];
|
||||
};
|
||||
|
||||
nodes.server = {
|
||||
services.unifi = {
|
||||
enable = true;
|
||||
unifiPackage = unifi;
|
||||
openFirewall = false;
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
server.wait_for_unit("unifi.service")
|
||||
server.wait_until_succeeds("curl -Lk https://localhost:8443 >&2", timeout=300)
|
||||
'';
|
||||
};
|
||||
in with pkgs; {
|
||||
unifiLTS = makeAppTest unifiLTS;
|
||||
unifi5 = makeAppTest unifi5;
|
||||
unifi6 = makeAppTest unifi6;
|
||||
}
|
|
@ -1,10 +1,9 @@
|
|||
{ lib, stdenv, dpkg, fetchurl }:
|
||||
{ lib, stdenv, dpkg, fetchurl, zip, nixosTests }:
|
||||
|
||||
let
|
||||
generic = { version, sha256, suffix ? "" }:
|
||||
stdenv.mkDerivation {
|
||||
generic = { version, sha256, suffix ? "", ... } @ args:
|
||||
stdenv.mkDerivation (args // {
|
||||
pname = "unifi-controller";
|
||||
inherit version;
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://dl.ubnt.com/unifi/${version}${suffix}/unifi_sysvinit_all.deb";
|
||||
|
@ -29,6 +28,10 @@ let
|
|||
runHook postInstall
|
||||
'';
|
||||
|
||||
passthru.tests = {
|
||||
unifi = nixosTests.unifi;
|
||||
};
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "http://www.ubnt.com/";
|
||||
description = "Controller for Ubiquiti UniFi access points";
|
||||
|
@ -36,7 +39,7 @@ let
|
|||
platforms = platforms.unix;
|
||||
maintainers = with maintainers; [ erictapen globin patryk27 pennae ];
|
||||
};
|
||||
};
|
||||
});
|
||||
|
||||
in rec {
|
||||
# see https://community.ui.com/releases / https://www.ui.com/download/unifi
|
||||
|
@ -49,6 +52,11 @@ in rec {
|
|||
unifi5 = generic {
|
||||
version = "5.14.23";
|
||||
sha256 = "1aar05yjm3z5a30x505w4kakbyz35i7mk7xyg0wm4ml6h94d84pv";
|
||||
|
||||
postInstall = ''
|
||||
# Remove when log4j is updated to 2.12.2 or 2.16.0.
|
||||
${zip}/bin/zip -q -d $out/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
|
||||
'';
|
||||
};
|
||||
|
||||
unifi6 = generic {
|
||||
|
|
Loading…
Reference in a new issue