Commit graph

227 commits

Author SHA1 Message Date
aszlig
845e92835d
Merge Last-Modified fix for nginx (#76697)
This fixes the patch for nginx to clear the Last-Modified header if a
static file is served from the Nix store.

So far we only used the ETag from the store path, but if the
Last-Modified header is always set to "Thu, 01 Jan 1970 00:00:01 GMT",
Firefox and Chrome/Chromium seem to ignore the ETag and simply use the
cached content instead of revalidating.

Alongside the fix, this also adds a dedicated NixOS VM test, which uses
WebDriver and Firefox to check whether the content is actually served
from the browser's cache and to have a more real-world test case.
2020-01-02 21:41:59 +01:00
Symphorien Gibol
cb38bf33e7 nagios: add nixos test 2019-12-30 16:41:18 +01:00
aszlig
ccf55bead1
nginx: Clear Last-Modified if ETag is from store
This is what I've suspected a while ago[1]:

> Heads-up everyone: After testing this in a few production instances,
> it seems that some browsers still get cache hits for new store paths
> (and changed contents) for some reason. I highly suspect that it might
> be due to the last-modified header (as mentioned in [2]).
>
> Going to test this with last-modified disabled for a little while and
> if this is the case I think we should improve that patch by disabling
> last-modified if serving from a store path.

Much earlier[2] when I reviewed the patch, I wrote this:

> Other than that, it looks good to me.
>
> However, I'm not sure what we should do with Last-Modified header.
> From RFC 2616, section 13.3.4:
>
> - If both an entity tag and a Last-Modified value have been
>   provided by the origin server, SHOULD use both validators in
>   cache-conditional requests. This allows both HTTP/1.0 and
>   HTTP/1.1 caches to respond appropriately.
>
> I'm a bit nervous about the SHOULD here, as user agents in the wild
> could possibly just use Last-Modified and use the cached content
> instead.

Unfortunately, I didn't pursue this any further back then because
@pbogdan noted[3] the following:

> Hmm, could they (assuming they are conforming):
>
>  * If an entity tag has been provided by the origin server, MUST
>    use that entity tag in any cache-conditional request (using If-
>    Match or If-None-Match).

Since running with this patch in some deployments, I found that both
Firefox and Chrome/Chromium do NOT re-validate against the ETag if the
Last-Modified header is still the same.

So I wrote a small NixOS VM test with Geckodriver to have a test case
which is closer to the real world and I indeed was able to reproduce
this.

Whether this is actually a bug in Chrome or Firefox is an entirely
different issue and even IF it is the fault of the browsers and it is
fixed at some point, we'd still need to handle this for older browser
versions.

Apart from clearing the header, I also recreated the patch by using a
plain "git diff" with a small description on top. This should make it
easier for future authors to work on that patch.

[1]: https://github.com/NixOS/nixpkgs/pull/48337#issuecomment-495072764
[2]: https://github.com/NixOS/nixpkgs/pull/48337#issuecomment-451644084
[3]: https://github.com/NixOS/nixpkgs/pull/48337#issuecomment-451646135

Signed-off-by: aszlig <aszlig@nix.build>
2019-12-30 14:30:36 +01:00
Jörg Thalheim
89c55c0a6d
net-snmp: split outputs (#76155)
net-snmp: split outputs
2019-12-25 06:27:55 +00:00
Florian Klink
eeaf1f702d
Merge pull request #75103 from sternenseemann/spacecookie
services/spacecookie: init
2019-12-23 11:09:52 +01:00
Aaron Andersen
086d1ad906
Merge pull request #75047 from kampka/trilium-server
Add trilium server and module
2019-12-22 20:26:57 -05:00
Christian Kampka
ebf3f1fe78
trilium: Pin platforms to x86_64 linux 2019-12-22 15:04:09 +01:00
Jörg Thalheim
aadfcc0900
nixos/keepalived: add test 2019-12-22 08:52:56 +00:00
Michael Raskin
6210c15573
Merge pull request #67507 from misuzu/package-3proxy
3proxy: init at 0.8.13
2019-12-19 15:42:15 +00:00
Christian Kampka
82f038d468
trilium-server: Add module 2019-12-19 10:14:12 +01:00
sternenseemann
25503db8e8 nixos/spacecookie: add service module and test 2019-12-17 14:17:03 +01:00
Frederik Rietdijk
7266f3ad2b Merge staging-next into staging 2019-12-15 16:12:48 +01:00
Jan Tojnar
aa3cb8b00e
Merge branch 'staging-next' into staging 2019-12-14 23:09:23 +01:00
Christian Kampka
c98d54a3e9
zsh-history: Add tests 2019-12-14 10:58:38 +01:00
Kai Wohlfahrt
0dce66a6ec nixos/nfs: test nfs with kerberos authentication 2019-12-12 15:42:44 +00:00
Florian Klink
b5c5ed2939
Merge pull request #74066 from 7c6f434c/add-systemd-analyze-test
Add systemd analyze test
2019-12-11 19:04:39 +01:00
Florian Klink
8772359957 nixosTests.containers-portforward: add to all-tests.nix 2019-12-10 20:34:37 +01:00
Michael Raskin
e365454066 nixos/tests: add systemd-analyze test 2019-12-08 19:02:20 +01:00
Bruno Bigras
9314dc43b3 gitolite: wrap gitolite-shell
git wasn't found when used with services.fcgiwrap
for http auth
2019-12-08 12:26:02 +01:00
Florian Klink
04071c6a65
Merge pull request #74006 from nh2/nixos-tests-consul
nixosTests.consul: init
2019-12-06 10:21:56 +01:00
Maximilian Bosch
8360a627fa nixos/consul: register test 2019-12-06 03:39:28 +01:00
x123
07be580889 nixos/tests/timezone: port to python 2019-12-06 00:45:30 +01:00
Andrew Dunham
c37902dfd1 nixosTests.gvisor: add test for gvisor and gvisor as a Docker runtime 2019-12-03 23:55:24 -08:00
Jacek Galowicz
07802f4d20 nixos/containers-ip: Test both ipv4 and ipv6 in the same script 2019-11-27 09:13:02 +01:00
Florian Klink
02f869ff30 osquery: remove
osquery was marked as broken since April.

If somebody steps up to fix it, we can always revive it from the
histroy, but there's not much value in shipping completely broken things
in current master.

cc @ma27
2019-11-24 22:38:07 +01:00
Florian Klink
ca12e08caa
nixosTests.bees: port to python 2019-11-24 18:49:35 +01:00
Florian Klink
2b9773f91e nixos/tests/beegfs: remove
This was broken for quite some time.
cc https://github.com/NixOS/nixpkgs/issues/73998
2019-11-24 17:32:55 +01:00
Frederik Rietdijk
65edeb8633 Merge master into staging-next 2019-11-20 10:01:49 +01:00
worldofpeace
b64a77de32 nixosTests: remove xfce4-14 test 2019-11-19 18:47:02 -05:00
Frederik Rietdijk
f6b39f852e Merge master into staging-next 2019-11-19 10:53:44 +01:00
rnhmjoj
f6a8eb2d00
nixos/tests/magnetico: port to python 2019-11-16 22:14:46 +01:00
Frederik Rietdijk
be7125dde7 Merge master into staging-next 2019-11-16 11:45:07 +01:00
worldofpeace
4583e293fd
Merge pull request #73251 from worldofpeace/remove-slim
nixos/slim: remove
2019-11-15 15:56:48 +00:00
Jan Tojnar
da76deffd1
Merge branch 'master' into staging-next 2019-11-14 23:25:36 +01:00
Leonhard Markert
ceccff3439 lorri: init at version unstable-2019-10-30
Includes user service (nixos/modules/services/development/lorri) that
starts on demand.
2019-11-14 16:06:27 +01:00
Frederik Rietdijk
c6e31d0767 Merge master into staging-next 2019-11-14 13:31:39 +01:00
Franz Pletz
e84840117b
Merge pull request #71510 from asymmetric/wg-ns
Add namespace support to Wireguard module
2019-11-14 01:24:59 +00:00
worldofpeace
ce26b3eaf0 nixos/slim: remove
The SLIM project is abandoned and their last release was in 2013.
Because of this it poses a security risk to systems, no one is working
on it or picked up maintenance. It also lacks compatibility with systemd
and logind sessions. For users, there liikely isn't anything like slim
that's as lightweight in terms of dependencies.
2019-11-11 17:10:41 -05:00
misuzu
08eb63b5ac nixos/3proxy: init 2019-11-11 16:15:29 +02:00
Frederik Rietdijk
73b88e17dd Merge staging-next into staging 2019-11-11 12:09:26 +01:00
Lorenzo Manacorda
412f6a967d wireguard: add creation and destination namespaces
The two new options make it possible to create the interface in one namespace
and move it to a different one, as explained at https://www.wireguard.com/netns/.
2019-11-09 11:59:14 +01:00
Minijackson
26acc9e63d
nixos/tests: add shiori to all-tests.nix 2019-11-08 18:17:08 +01:00
worldofpeace
9693d3922b all-tests.nix: remove gjs.nix 2019-11-07 08:09:26 -05:00
worldofpeace
9b99912d82 nixosTests.libgdata: port to python, move to installed-tests 2019-11-07 08:07:51 -05:00
worldofpeace
75a8cd9930 all-tests.nix: remove libxmlb 2019-11-07 08:03:58 -05:00
worldofpeace
eee5986ac3 nixos/tests: add gnome-installed-tests with builder function
The test script is also ported to python.
2019-11-06 19:18:28 -05:00
Jan Tojnar
3f2a425da3
Merge branch 'staging-next' into staging 2019-11-06 18:10:57 +01:00
Florian Klink
c3566c7a4f
Merge pull request #70352 from wucke13/systemd-importd
systemd: add systemd-importd
2019-11-05 15:42:44 +01:00
Eelco Dolstra
50ea99cbc1
nixos/tests/quake3.nix: Remove
This was a demo of the VM testing approach in an old paper but there's
no need to keep it around.
2019-11-05 15:14:30 +01:00
Eelco Dolstra
aa98348f88
jormungandr: Remove
This is a good example of a package/module that should be distributed
externally (e.g. as a flake [1]): it's not stable yet so anybody who
seriously wants to use it will want to use the upstream repo. Also,
it's highly specialized so NixOS is not really the right place at the
moment (every NixOS module slows down NixOS evaluation for everybody).

[1] https://github.com/edolstra/jormungandr/tree/flake
2019-11-05 15:00:58 +01:00