kanidm: 1.1.0-alpha.11 -> 1.1.0-alpha.12
* Update Cargo.lock from upstream. * Adapt expression to upstream source tree layout changes. * Apply patch to restore x86_64 v1 support Co-Authored-By: Martin Weinelt <hexa@darmstadt.ccc.de> Also updates the NixOS test: * Stop kanidm to recover the idm_admin account * Group all tests into subtest blocks * Add TODO to wait for unix socket on unixd for the next release Co-Authored-By: Raito Bezarius <masterancpp@gmail.com> Co-Authored-By: Martin Weinelt <hexa@darmstadt.ccc.de>
This commit is contained in:
parent
c90b0d0a6f
commit
ed99bd0fb9
3 changed files with 692 additions and 635 deletions
|
@ -63,12 +63,27 @@ import ./make-test-python.nix ({ pkgs, ... }:
|
|||
''
|
||||
start_all()
|
||||
server.wait_for_unit("kanidm.service")
|
||||
server.wait_until_succeeds("curl -sf https://${serverDomain} | grep Kanidm")
|
||||
server.succeed("ldapsearch -H ldaps://${serverDomain}:636 -b '${ldapBaseDN}' -x '(name=test)'")
|
||||
client.succeed("kanidm login -D anonymous && kanidm self whoami | grep anonymous@${serverDomain}")
|
||||
rv, result = server.execute("kanidmd recover_account -c ${serverConfigFile} idm_admin 2>&1 | rg -o '[A-Za-z0-9]{48}'")
|
||||
assert rv == 0
|
||||
client.wait_for_unit("kanidm-unixd.service")
|
||||
client.succeed("kanidm_unixd_status | grep working!")
|
||||
|
||||
with subtest("Test HTTP interface"):
|
||||
server.wait_until_succeeds("curl -sf https://${serverDomain} | grep Kanidm")
|
||||
|
||||
with subtest("Test LDAP interface"):
|
||||
server.succeed("ldapsearch -H ldaps://${serverDomain}:636 -b '${ldapBaseDN}' -x '(name=test)'")
|
||||
|
||||
with subtest("Test CLI login"):
|
||||
client.succeed("kanidm login -D anonymous")
|
||||
client.succeed("kanidm self whoami | grep anonymous@${serverDomain}")
|
||||
|
||||
with subtest("Recover idm_admin account"):
|
||||
# Must stop the server for account recovery or else kanidmd fails with
|
||||
# "unable to lock kanidm exclusive lock at /var/lib/kanidm/kanidm.db.klock".
|
||||
server.succeed("systemctl stop kanidm")
|
||||
server.succeed("su - kanidm -c 'kanidmd recover-account -c ${serverConfigFile} idm_admin 2>&1 | rg -o \'[A-Za-z0-9]{48}\' '")
|
||||
server.succeed("systemctl start kanidm")
|
||||
|
||||
with subtest("Test unixd connection"):
|
||||
client.wait_for_unit("kanidm-unixd.service")
|
||||
# TODO: client.wait_for_file("/run/kanidm-unixd/sock")
|
||||
client.wait_until_succeeds("kanidm-unix status | grep working!")
|
||||
'';
|
||||
})
|
||||
|
|
1274
pkgs/servers/kanidm/Cargo.lock
generated
1274
pkgs/servers/kanidm/Cargo.lock
generated
File diff suppressed because it is too large
Load diff
|
@ -4,6 +4,7 @@
|
|||
, nixosTests
|
||||
, rustPlatform
|
||||
, fetchFromGitHub
|
||||
, fetchpatch
|
||||
, installShellFiles
|
||||
, pkg-config
|
||||
, udev
|
||||
|
@ -17,35 +18,44 @@ let
|
|||
in
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "kanidm";
|
||||
version = "1.1.0-alpha.11";
|
||||
version = "1.1.0-alpha.12";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = pname;
|
||||
repo = pname;
|
||||
rev = "refs/tags/v${version}";
|
||||
hash = "sha256-TVGLL1Ir/Nld0kdhWmcYYmChrW42ctJPY/U7wtuEwCo=";
|
||||
hash = "sha256-ZlUn7m5xgMWWIr9y/dkM/yZ2KF2LdkaxqtHsMcxAT/M=";
|
||||
};
|
||||
|
||||
cargoLock = {
|
||||
lockFile = ./Cargo.lock;
|
||||
outputHashes = {
|
||||
"tracing-forest-0.1.4" = "sha256-ofBLxSzZ5SYy8cbViVUa6VXKbOgd8lt7QUYhL0BW6I4=";
|
||||
"tracing-forest-0.1.5" = "sha256-L6auSKB4DCnZBZpx7spiikhSOD6i1W3erc3zjn+26Ao=";
|
||||
};
|
||||
};
|
||||
|
||||
KANIDM_BUILD_PROFILE = "release_nixos_${arch}";
|
||||
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
# Bring back x86_64-v1 microarchitecture level
|
||||
name = "cpu-opt-level.patch";
|
||||
url = "https://github.com/kanidm/kanidm/commit/59c6723f7dfb2266eae45c3b2ddd377872a7a113.patch";
|
||||
hash = "sha256-8rVEYitxvdVduQ/+AD/UG3v+mgT/VxkLoxNIXczUfCQ=";
|
||||
})
|
||||
];
|
||||
|
||||
postPatch =
|
||||
let
|
||||
format = (formats.toml { }).generate "${KANIDM_BUILD_PROFILE}.toml";
|
||||
profile = {
|
||||
web_ui_pkg_path = "@web_ui_pkg_path@";
|
||||
cpu_flags = if stdenv.isx86_64 then "x86_64_v1" else "none";
|
||||
cpu_flags = if stdenv.isx86_64 then "x86_64_legacy" else "none";
|
||||
};
|
||||
in
|
||||
''
|
||||
cp ${format profile} profiles/${KANIDM_BUILD_PROFILE}.toml
|
||||
substituteInPlace profiles/${KANIDM_BUILD_PROFILE}.toml \
|
||||
cp ${format profile} libs/profiles/${KANIDM_BUILD_PROFILE}.toml
|
||||
substituteInPlace libs/profiles/${KANIDM_BUILD_PROFILE}.toml \
|
||||
--replace '@web_ui_pkg_path@' "$out/ui"
|
||||
'';
|
||||
|
||||
|
@ -66,7 +76,7 @@ rustPlatform.buildRustPackage rec {
|
|||
# We don't compile the wasm-part form source, as there isn't a rustc for
|
||||
# wasm32-unknown-unknown in nixpkgs yet.
|
||||
mkdir $out
|
||||
cp -r kanidmd_web_ui/pkg $out/ui
|
||||
cp -r server/web_ui/pkg $out/ui
|
||||
'';
|
||||
|
||||
preFixup = ''
|
||||
|
|
Loading…
Reference in a new issue