kanidm: 1.1.0-alpha.11 -> 1.1.0-alpha.12

* Update Cargo.lock from upstream.
* Adapt expression to upstream source tree layout changes.
* Apply patch to restore x86_64 v1 support

Co-Authored-By: Martin Weinelt <hexa@darmstadt.ccc.de>

Also updates the NixOS test:

* Stop kanidm to recover the idm_admin account
* Group all tests into subtest blocks
* Add TODO to wait for unix socket on unixd for the next release

Co-Authored-By: Raito Bezarius <masterancpp@gmail.com>
Co-Authored-By: Martin Weinelt <hexa@darmstadt.ccc.de>
Bjørn Forsman 2023-05-01 12:39:28 +02:00 committed by Martin Weinelt
parent c90b0d0a6f
commit ed99bd0fb9
No known key found for this signature in database
GPG key ID: 87C1E9888F856759
3 changed files with 692 additions and 635 deletions


@ -63,12 +63,27 @@ import ./make-test-python.nix ({ pkgs, ... }:
''
start_all()
server.wait_for_unit("kanidm.service")
with subtest("Test HTTP interface"):
server.wait_until_succeeds("curl -sf https://${serverDomain} | grep Kanidm")
with subtest("Test LDAP interface"):
server.succeed("ldapsearch -H ldaps://${serverDomain}:636 -b '${ldapBaseDN}' -x '(name=test)'")
client.succeed("kanidm login -D anonymous && kanidm self whoami | grep anonymous@${serverDomain}")
rv, result = server.execute("kanidmd recover_account -c ${serverConfigFile} idm_admin 2>&1 | rg -o '[A-Za-z0-9]{48}'")
assert rv == 0
with subtest("Test CLI login"):
client.succeed("kanidm login -D anonymous")
client.succeed("kanidm self whoami | grep anonymous@${serverDomain}")
with subtest("Recover idm_admin account"):
# Must stop the server for account recovery or else kanidmd fails with
# "unable to lock kanidm exclusive lock at /var/lib/kanidm/kanidm.db.klock".
server.succeed("systemctl stop kanidm")
server.succeed("su - kanidm -c 'kanidmd recover-account -c ${serverConfigFile} idm_admin 2>&1 | rg -o \'[A-Za-z0-9]{48}\' '")
server.succeed("systemctl start kanidm")
with subtest("Test unixd connection"):
client.wait_for_unit("kanidm-unixd.service")
client.succeed("kanidm_unixd_status | grep working!")
# TODO: client.wait_for_file("/run/kanidm-unixd/sock")
client.wait_until_succeeds("kanidm-unix status | grep working!")
'';
})
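Review bot: The quoting on the `recover-account` line in the "Recover idm_admin account" subtest does not nest the way it reads: Python decodes each `\'` to a plain `'`, so the outer `su -c '...'` argument closes before the regex and `[A-Za-z0-9]{48}` reaches the shell unquoted, where it is subject to glob matching. It works today only because nothing happens to expand. Wrapping the inner command in double quotes keeps the pattern quoted for the inner shell, e.g. `server.succeed("su - kanidm -c \"kanidmd recover-account -c ${serverConfigFile} idm_admin 2>&1 | rg -o '[A-Za-z0-9]{48}'\"")`. The matched value is also discarded and stderr is merged into the stream, so the subtest only shows that some 48-character token was printed; capturing the output and using it for an `idm_admin` login would confirm that recovery produced a working credential.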

File diff suppressed because it is too large Load diff


@ -4,6 +4,7 @@
, nixosTests
, rustPlatform
, fetchFromGitHub
, fetchpatch
, installShellFiles
, pkg-config
, udev
@ -17,35 +18,44 @@ let
in
rustPlatform.buildRustPackage rec {
pname = "kanidm";
version = "1.1.0-alpha.11";
version = "1.1.0-alpha.12";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "refs/tags/v${version}";
hash = "sha256-TVGLL1Ir/Nld0kdhWmcYYmChrW42ctJPY/U7wtuEwCo=";
hash = "sha256-ZlUn7m5xgMWWIr9y/dkM/yZ2KF2LdkaxqtHsMcxAT/M=";
};
cargoLock = {
lockFile = ./Cargo.lock;
outputHashes = {
"tracing-forest-0.1.4" = "sha256-ofBLxSzZ5SYy8cbViVUa6VXKbOgd8lt7QUYhL0BW6I4=";
"tracing-forest-0.1.5" = "sha256-L6auSKB4DCnZBZpx7spiikhSOD6i1W3erc3zjn+26Ao=";
};
};
KANIDM_BUILD_PROFILE = "release_nixos_${arch}";
patches = [
(fetchpatch {
# Bring back x86_64-v1 microarchitecture level
name = "cpu-opt-level.patch";
url = "https://github.com/kanidm/kanidm/commit/59c6723f7dfb2266eae45c3b2ddd377872a7a113.patch";
hash = "sha256-8rVEYitxvdVduQ/+AD/UG3v+mgT/VxkLoxNIXczUfCQ=";
})
];
postPatch =
let
format = (formats.toml { }).generate "${KANIDM_BUILD_PROFILE}.toml";
profile = {
web_ui_pkg_path = "@web_ui_pkg_path@";
cpu_flags = if stdenv.isx86_64 then "x86_64_v1" else "none";
cpu_flags = if stdenv.isx86_64 then "x86_64_legacy" else "none";
};
in
''
cp ${format profile} profiles/${KANIDM_BUILD_PROFILE}.toml
substituteInPlace profiles/${KANIDM_BUILD_PROFILE}.toml \
cp ${format profile} libs/profiles/${KANIDM_BUILD_PROFILE}.toml
substituteInPlace libs/profiles/${KANIDM_BUILD_PROFILE}.toml \
--replace '@web_ui_pkg_path@' "$out/ui"
'';
@ -66,7 +76,7 @@ rustPlatform.buildRustPackage rec {
# We don't compile the wasm-part form source, as there isn't a rustc for
# wasm32-unknown-unknown in nixpkgs yet.
mkdir $out
cp -r kanidmd_web_ui/pkg $out/ui
cp -r server/web_ui/pkg $out/ui
'';
preFixup = ''