Commit graph

6739 commits

Author SHA1 Message Date
Maximilian Bosch
2b42b842ed
nixos/prometheus-exporters: fix smartctl test 2023-08-15 15:44:45 +02:00
linsui
038d78d4ce nixos/dconf: add locks support 2023-08-15 19:20:39 +08:00
Nick Cao
fecb8c7752
nixosTests.fcitx5: make use of the newly added settings option 2023-08-15 08:36:07 +08:00
Maximilian Bosch
a471325eaf
Merge pull request #221318 from mweinelt/synapse-extras
nixos/matrix-synapse: Allow passing extras, discover extras from config
2023-08-14 18:43:05 +02:00
Robert Hensing
8fe5918d06
Merge pull request #248138 from hercules-ci/update-nixops_unstable
nixops_unstable: update
2023-08-14 11:00:44 +02:00
enc0urage
00d7065913 nixos/systemd-boot: Replace proprietary memtest86 with free memtest86+ in UEFI 2023-08-14 03:05:24 +00:00
h7x4
66de20bc45
tests/prometheus-exporters: add test for mysqld exporter 2023-08-13 19:47:19 +02:00
Jonas Heinrich
5e6e949e84 nixos/opensnitch: add test 2023-08-13 17:49:19 +02:00
Janne Heß
7937c5816d
nixos/switchTest: Also check for base unit modifications 2023-08-13 14:25:24 +02:00
Franz Pletz
4fc07e7b48
nixos/tests/mediamtx: init 2023-08-10 20:43:26 +02:00
Ryan Lahfa
ec409e6f79
Merge pull request #231673 from symphorien/suid_wrappers_userns 2023-08-10 11:52:59 +02:00
Franz Pletz
6574d90239
Merge pull request #248154 from onny/nextcloud-tests-fix
nixos/tests/nextcloud: Fix deprecation warning
2023-08-10 04:18:27 +02:00
Franz Pletz
50e7a02e67
nixos/chrony: add simple test 2023-08-10 03:04:04 +02:00
Franz Pletz
8e372c19d1
Merge pull request #245286 from codec/add-prometheus-idrac-exporter
prometheus-idrac-exporter: init at unstable-2023-06-29
2023-08-10 00:58:03 +02:00
Jonas Heinrich
14f7b1161d nixos/tests/nextcloud: Fix deprecation warning 2023-08-09 16:57:57 +02:00
Robert Hensing
4b51c5360f nixops_unstable: Fix tests attribute
The .overrideAttrs part is ok now, but a "passthru' workaround is
necessary now. See https://github.com/NixOS/nixpkgs/pull/247520
2023-08-09 15:47:13 +02:00
Franz Pletz
dcafb07ed8
Merge pull request #232250 from YBeaugnon/libvirt-hooks
nixos/libvirtd: hooks support
2023-08-09 15:07:52 +02:00
Guillaume Girol
0e4b8a05b2 nixos/wrappers: allow setuid and setgid wrappers to run in user namespaces
In user namespaces where an unprivileged user is mapped as root and root
is unmapped, setuid bits have no effect. However setuid root
executables like mount are still usable *in the namespace* as the user
already has the required privileges. This commit detects the situation
where the wrapper gained no privileges that the parent process did not
already have and in this case does less sanity checking. In short there
is no need to be picky since the parent already can execute the foo.real
executable themselves.

Details:
man 7 user_namespaces:
   Set-user-ID and set-group-ID programs
       When a process inside a user namespace executes a set-user-ID
       (set-group-ID) program, the process's effective user (group) ID
       inside the namespace is changed to whatever value is mapped for
       the user (group) ID of the file.  However, if either the user or
       the group ID of the file has no mapping inside the namespace, the
       set-user-ID (set-group-ID) bit is silently ignored: the new
       program is executed, but the process's effective user (group) ID
       is left unchanged.  (This mirrors the semantics of executing a
       set-user-ID or set-group-ID program that resides on a filesystem
       that was mounted with the MS_NOSUID flag, as described in
       mount(2).)

The effect of the setuid bit is that the real user id is preserved and
the effective and set user ids are changed to the owner of the wrapper.
We detect that no privilege was gained by checking that euid == suid
== ruid. In this case we stop checking that euid == owner of the
wrapper file.

As a reminder here are the values of euid, ruid, suid, stat.st_uid and
stat.st_mode & S_ISUID in various cases when running a setuid 42 executable as user 1000:

Normal case:
ruid=1000 euid=42 suid=42
setuid=2048, st_uid=42

nosuid mount:
ruid=1000 euid=1000 suid=1000
setuid=2048, st_uid=42

inside unshare -rm:
ruid=0 euid=0 suid=0
setuid=2048, st_uid=65534

inside unshare -rm, on a suid mount:
ruid=0 euid=0 suid=0
setuid=2048, st_uid=65534
2023-08-09 12:00:00 +00:00
Robert Hensing
bc9d2d6a7c
Merge pull request #247520 from Atemu/fix/kernel-passthru.tests
kernel: fix passthru.tests
2023-08-08 21:29:19 +02:00
Michele Guerini Rocco
ccc33bd3d7
Merge pull request #245852 from rnhmjoj/pr-fix-dnscrypt
dnscrypt-wrapper fixes
2023-08-08 10:34:27 +02:00
Franz Pletz
9640eb3970
Merge pull request #246029 from ehmry/eris-go 2023-08-08 06:18:03 +02:00
Franz Pletz
7fdf825d82
Merge pull request #247823 from emilylange/caddy 2023-08-08 05:57:37 +02:00
emilylange
efdcf6b96c
nixosTests.caddy: remove etag subtest
Caddy 2.7.x does no longer return etags for files with unix modtimes of
0 and 1.
Files in /nix/store have a modtime of 1.

This is something that has been specifically implemented for nix.

For now, we decided to remove the test.
But I might reimplement a similar etag subtest some time in the future.
2023-08-07 23:47:07 +02:00
Wout Mertens
ea07a9a98e
Merge pull request #247319 from DDoSolitary/patch-netdata-ipc
netdata: set NETDATA_PIPENAME to /run/netdata/ipc
2023-08-07 08:27:29 +02:00
Atemu
a0dcabb690 kernel: fix passthru.tests
https://github.com/NixOS/nixpkgs/pull/191540 indirectly broke kernel
passthru.tests; calling the testsForLinuxPackages and testsForKernel functions
with some args intended for some other exposed test-internal function.

Organise the passed-through functions under `passthru` to prevent this from
happening.
2023-08-06 15:47:54 +02:00
Atemu
6229f0bc8f all-tests: exclude passthru attributes from test discovery
discoverTests tries to discover some sort of internal function and tries to call
it with the arguments for that internal function. This poses an issue when you
want to expose some other functions (i.e. a parameterisation for a test) in
nixosTests.

This commit allows a test to pass through arbitrary values via `.passthru`
without them having discovery applied to them; including functions.
2023-08-06 15:40:10 +02:00
Gregor Godbersen
540a20546a nixos/paperless: add test for plaintext document 2023-08-05 22:06:27 +02:00
DDoSolitary
060a47e1e4
netdata: set NETDATA_PIPENAME to /run/netdata/ipc
Netdata creates its control socket at /tmp/netdata-ipc by default, which
is insecure and actually inaccessible with systemd's PrivateTmp enabled.

Originally we patched its source code to move the socket to
/run/netdata/ipc. However, it was removed due to incompatibility when
upgrading to v1.41.0: 1d2a2dc7d0

Fortunately, this new version of netdata adds support for setting the
location of the control socket via the environment variable
NETDATA_PIPENAME. So let's set it for the netdata service and the
command line utility so that they can communicate properly.
2023-08-05 18:19:08 +08:00
Martin Weinelt
3d36620b0e
Merge pull request #247109 from helsinki-systems/fix/networking-test
nixos/tests/networking: dhcpd -> kea
2023-08-04 16:48:45 +02:00
ajs124
1690adc424 nixos/tests/networking/caseSensitiveRenaming: fix bash syntax
was introduced broken in 93502aa3b1
2023-08-04 14:38:08 +02:00
ajs124
799a69971e nixos/tests/networking: dhcpd -> kea
forgotten in 413d9d3864
2023-08-04 14:23:09 +02:00
ajs124
bf4d2e6c1e
Merge pull request #242538 from tnias/fix/apparmor
apparmor: add some policies and improve abstractions and utils
2023-08-04 13:05:52 +02:00
codec
47db2bfffb prometheus-idrac-exporter: init at unstable-2023-06-29 2023-08-04 00:57:19 +02:00
Bobby Rong
58a421640c
Merge pull request #246743 from bobby285271/fix/wait-for-x
nixos/tests/{budgie,gnome-flashback}: unbreak
2023-08-03 10:37:45 +08:00
Bobby Rong
0c3697f511
nixos/tests/gnome-flashback: skip graphical-session.target check
https://hydra.nixos.org/build/230009507/log

Also silence warning: Module argument `nodes.machine.config` is deprecated. Use `nodes.machine` instead.
2023-08-03 09:52:12 +08:00
Bobby Rong
0ec48ee059
nixos/tests/budgie: skip graphical-session.target check
https://hydra.nixos.org/build/230010129/log
2023-08-03 09:52:11 +08:00
Martin Weinelt
a98ba7fdae
Merge pull request #246564 from erictapen/kanidm
kanidm: 1.1.0-alpha.12 -> 1.1.0-beta.13
2023-08-02 22:51:18 +02:00
r-vdp
127e2ed645
nixos/update-users-groups: add nixos test for the expires option 2023-08-02 13:51:06 +02:00
Nick Cao
c1e1fe0068
Merge pull request #246533 from wineee/terminal-emulators
deepin-terminal: enable nixosTests.terminal-emulators
2023-08-01 18:27:28 -06:00
Nick Cao
33b6f8b63d
Merge pull request #246493 from NickCao/singbox
sing-box: 1.3.4 -> 1.3.5
2023-08-01 18:22:25 -06:00
Maximilian Bosch
1b623f27b0
Merge pull request #245357 from onny/nextcloud-fix-test
nixos/tests/nextcloud: Fix tests, fix broken webdav url
2023-08-01 18:14:13 +02:00
Martin Weinelt
184d15cc06
kanidm: 1.1.0-alpha.12 -> 1.1.0-beta.13
https://github.com/kanidm/kanidm/releases/tag/v1.1.0-beta.13

The kanidmd process now creates a unix socket, over which admin tasks
can be done, without having to shut kanidm down first.

The kanidm_unixd process now wants access to /etc/shadow and /etc/group,
so it can rule out collisions with the host system.
2023-08-01 17:13:58 +02:00
Minijackson
de8086be4f
nixos/tests/netbox-upgrade: init
Test that the upgrade from NetBox 3.3 to NetBox 3.5 runs fine
2023-08-01 14:45:01 +02:00
h7x4
fd01b3f59c nixos/atuin: fix database.createLocally behaviour
Co-authored-by: Andrew Marshall <andrew@johnandrewmarshall.com>
2023-08-01 18:17:37 +08:00
Anderson Torres
871bf7c875 nixos/tests/systemd-initrd-networkd-ssh.nix: remove overuses of with 2023-08-01 10:12:12 +00:00
Anderson Torres
2dd9923c8a nixos/tests/sftpgo.nix: remove overuses of with 2023-08-01 10:12:12 +00:00
Anderson Torres
c5ffb694d9 nixos/tests/osquery.nix: remove overuses of with 2023-08-01 10:12:12 +00:00
Anderson Torres
62f6f01085 nixos/tests/initrd-network-ssh/default.nix: remove overuses of with 2023-08-01 10:12:12 +00:00
Anderson Torres
c532a4f227 nixos/tests/deepin.nix: remove overuses of with 2023-08-01 10:12:12 +00:00
Anderson Torres
eb03402e28 nixos/tests/buildkite-agents.nix: remove overuses of with 2023-08-01 10:12:12 +00:00
Anderson Torres
a282d36592 nixos/tests/binary-cache.nix: remove overuses of with 2023-08-01 10:12:12 +00:00
rewine
6fbb653d0e
nixosTests.terminal-emulators: deprecated machine' attribute by nodes.machine' 2023-08-01 18:01:18 +08:00
rewine
9278b39e90
deepin-terminal: enable nixosTests.terminal-emulators 2023-08-01 17:49:39 +08:00
Jonas Heinrich
b0ba7d2406 nixos/tests/nextcloud: Fix broken webdav url
Starting with Rclone v1.63, which is used in the Nextcloud tests for
synchronization, the client relies on the correct WebDAV endpoint url,
see https://github.com/rclone/rclone/issues/7103
2023-08-01 09:11:27 +02:00
Nick Cao
9d8828915b
sing-box: 1.3.4 -> 1.3.5
Diff: https://github.com/SagerNet/sing-box/compare/v1.3.4...v1.3.5
2023-08-01 13:01:54 +08:00
Florian Klink
a2a7096157
Merge pull request #246082 from ElvishJerricco/exitrd-fix-shutdown-loop
systemd shutdownRamfs: Fix infinite shutdown loop
2023-07-30 00:11:55 +02:00
Florian Klink
0546c70849
Merge pull request #246084 from ElvishJerricco/simplify-hibernate-test
Simplify hibernate test
2023-07-30 00:10:19 +02:00
Ryan Lahfa
899b60de3f
Merge pull request #245893 from h7x4/move-nginx-status-page-declaration 2023-07-29 20:22:58 +02:00
Will Fancher
a923cc53e7 nixos/tests/hibernate: Simplify and always set resumeDevice 2023-07-29 14:21:28 -04:00
Will Fancher
4ecd0c119a systemd shutdownRamfs: Fix infinite shutdown loop 2023-07-29 13:52:52 -04:00
Emery Hemingway
354821c1e8 nixos/eris-server: init 2023-07-29 11:56:58 +01:00
h7x4
ecb40c69d8
nixos/nginx: sort test include order alphabetically 2023-07-28 20:30:43 +02:00
h7x4
25b7b82ee0
nixos/nginx: add test for status page 2023-07-28 20:29:09 +02:00
Emily
d7937ece5b
Merge pull request #228815 from mweinelt/gitea-runner-test
nixos/tests/gitea: Tests actions runner registration
2023-07-28 19:58:45 +02:00
Martin Weinelt
e68f793041
nixos/tests/gitea: Test actions runner registration 2023-07-28 19:51:41 +02:00
Ryan Lahfa
2a0aaa7e8f
Merge pull request #245413 from oddlama/fix-hostapd-mac-allow 2023-07-28 19:19:02 +02:00
Ryan Lahfa
3ac8c61e9d
Merge pull request #244883 from LibreCybernetics/linux_6_3_eol 2023-07-28 18:40:03 +02:00
ajs124
8d34cf8e7d
Merge pull request #245734 from helsinki-systems/upd/jenkins
jenkins: 2.401.2 -> 2.401.3
2023-07-28 16:34:57 +02:00
rnhmjoj
0bd475c296
nixos/tests/dnscrypt-wrapper: fix flakyness 2023-07-28 11:59:36 +02:00
Eric Wolf
318d8cc4c5 nixos/lemmy: limit impurity by secrets
Split `services.lemmy.secretFile` into
multiple options to allow only secrets.
2023-07-28 07:49:27 +00:00
ajs124
1d64486ba7 nixos/tests/jenkins: fix deprecation warning 2023-07-27 15:18:11 +02:00
nikstur
87ecda9a21 nixos/tests/appliance-repart-image: init 2023-07-26 23:33:33 +02:00
nikstur
e6862fae8f nixos/tests/systemd-sysupdate: init 2023-07-26 20:33:33 +02:00
nikstur
5750660f25 nixos/tests: use sensible key type for gpg keyring
If someone blindly copies this code, at least they have a sensible key
type.
2023-07-26 20:32:51 +02:00
nikstur
7e522a81ef nixos/tests: refactor gpg-keyring test utility 2023-07-26 20:32:51 +02:00
oddlama
0ac2ba763f
nixos/hostapd: fix regression after refactoring to RFC42.
Switching from submodule notation from ({name, ...}: {}) to (submob: {}) seems to require a different accessing scheme.
2023-07-25 18:40:51 +02:00
asymmetric
46df012d2a
Merge pull request #244332 from SuperSandro2000/fonts-fonts
nixos/fonts: rename fonts.fonts option to fonts.packages, other cleanups
2023-07-25 09:49:25 +02:00
Sandro Jäckel
83793ca898
nixos/fonts: rename fonts.enableDefaultFonts to fonts.enableDefaultPackages
to better fit the renamed fonts.packages
2023-07-25 00:55:25 +02:00
Jacek Galowicz
f59913bad8
Merge pull request #241949 from R-VdP/nixos_test_busybox
nixos/test-driver: use the short form argument to base64 for busybox compatibility.
2023-07-24 18:05:06 +02:00
Sandro Jäckel
b0c67b4b6e
treewide: rename fonts.fonts to fonts.packages 2023-07-24 17:34:39 +02:00
github-actions[bot]
aae1f8ef06
Merge master into staging-next 2023-07-24 06:01:13 +00:00
Nick Cao
e598d5b773
Merge pull request #244953 from tomfitzhenry/less-maintainership
remove tomfitzhenry@ as maintainer for some packages
2023-07-23 18:57:35 -06:00
github-actions[bot]
449a683b10
Merge master into staging-next 2023-07-24 00:02:26 +00:00
Ryan Lahfa
bba6788b37
Merge pull request #244702 from RaitoBezarius/nginx-maintenance 2023-07-23 23:53:17 +02:00
github-actions[bot]
6afe543aec
Merge master into staging-next 2023-07-23 18:01:33 +00:00
7c6f434c
b02fd49f16
Merge pull request #194310 from lilyinstarlight/pkg/curl-impersonate
curl-impersonate: init at 0.5.4 and replace curl-impersonate-bin
2023-07-23 17:00:17 +00:00
oddlama
d073105d6b
nixos/switch-to-configuration: fix ignoring of template unit specialization dropins 2023-07-23 13:16:58 +02:00
Tom Fitzhenry
cb470d61c3 remove tomfitzhenry@ as maintainer for some packages
Motivation: Over the foreseeable future I'll have less time to do
maintenance, so I'm reducing the set of packages I maintain to just
those that I use.
2023-07-23 12:39:57 +10:00
github-actions[bot]
86a73bdb86
Merge master into staging-next 2023-07-23 00:02:31 +00:00
Ilan Joselevich
e29e8a71c8
nixos/twingate: improve test 2023-07-23 01:24:51 +03:00
Fabián Heredia Montiel
ffba10cd9a linux_6_3: drop as EOL 2023-07-22 12:46:17 -06:00
github-actions[bot]
41e6556ad3
Merge master into staging-next 2023-07-22 18:01:06 +00:00
Ryan Lahfa
c4ae17443e
Merge pull request #244233 from oddlama/init-typesense-bin 2023-07-22 18:47:45 +02:00
oddlama
234dd85da0
nixos/typesense: init at 0.24.1 2023-07-22 16:38:13 +02:00
github-actions[bot]
045f0259fe
Merge master into staging-next 2023-07-22 12:01:28 +00:00
1000101
f63d863fde
nixos/pgbouncer: init (#241578)
Co-authored-by: Marek Mahut <marek.mahut@gmail.com>
2023-07-22 12:49:23 +02:00
github-actions[bot]
c05c2c2f5c
Merge master into staging-next 2023-07-22 00:02:13 +00:00
Lassulus
f8ad4849c3
Merge pull request #233386 from Lassulus/syncthing-fix 2023-07-22 01:02:04 +02:00
Raito Bezarius
72cfcbebd6 nixos/tests/nginx-proxyprotocol: add raitobezarius as a maintainer
I added this feature, I will maintain it.
2023-07-21 21:13:28 +02:00
Lily Foster
e28c49d86d
nixosTests.curl-impersonate: init 2023-07-21 14:37:48 -04:00