diff options
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/flakes.sh | 56 | ||||
| -rw-r--r-- | tests/nss-preload.nix | 123 |
2 files changed, 153 insertions, 26 deletions
diff --git a/tests/flakes.sh b/tests/flakes.sh index 26cdf27b7..57d1b9aad 100644 --- a/tests/flakes.sh +++ b/tests/flakes.sh @@ -5,11 +5,6 @@ if [[ -z $(type -p git) ]]; then exit 99 fi -if [[ -z $(type -p hg) ]]; then - echo "Mercurial not installed; skipping flake tests" - exit 99 -fi - clearStore rm -rf $TEST_HOME/.cache $TEST_HOME/.config @@ -266,6 +261,8 @@ cat > $flake3Dir/flake.nix <<EOF mkDerivation { inherit system; name = "fnord"; + dummy = builtins.readFile (builtins.path { name = "source"; path = ./.; filter = path: type: baseNameOf path == "config.nix"; } + "/config.nix"); + dummy2 = builtins.readFile (builtins.path { name = "source"; path = inputs.flake1; filter = path: type: baseNameOf path == "simple.nix"; } + "/simple.nix"); buildCommand = '' cat \${inputs.nonFlake}/README.md > \$out ''; @@ -579,45 +576,52 @@ nix build -o $TEST_ROOT/result git+file://$flakeGitBare # Test Mercurial flakes. rm -rf $flake5Dir -hg init $flake5Dir +mkdir $flake5Dir cat > $flake5Dir/flake.nix <<EOF { outputs = { self, flake1 }: { defaultPackage.$system = flake1.defaultPackage.$system; - expr = assert builtins.pathExists ./flake.lock; 123; }; } EOF -hg add $flake5Dir/flake.nix -hg commit --config ui.username=foobar@example.org $flake5Dir -m 'Initial commit' +if [[ -n $(type -p hg) ]]; then + hg init $flake5Dir -nix build -o $TEST_ROOT/result hg+file://$flake5Dir -[[ -e $TEST_ROOT/result/hello ]] + hg add $flake5Dir/flake.nix + hg commit --config ui.username=foobar@example.org $flake5Dir -m 'Initial commit' + + nix build -o $TEST_ROOT/result hg+file://$flake5Dir + [[ -e $TEST_ROOT/result/hello ]] -(! nix flake metadata --json hg+file://$flake5Dir | jq -e -r .revision) + (! nix flake metadata --json hg+file://$flake5Dir | jq -e -r .revision) -nix eval hg+file://$flake5Dir#expr + nix eval hg+file://$flake5Dir#expr -nix eval hg+file://$flake5Dir#expr + nix eval hg+file://$flake5Dir#expr -(! nix eval hg+file://$flake5Dir#expr --no-allow-dirty) + (! nix eval hg+file://$flake5Dir#expr --no-allow-dirty) -(! nix flake metadata --json hg+file://$flake5Dir | jq -e -r .revision) + (! nix flake metadata --json hg+file://$flake5Dir | jq -e -r .revision) -hg commit --config ui.username=foobar@example.org $flake5Dir -m 'Add lock file' + hg commit --config ui.username=foobar@example.org $flake5Dir -m 'Add lock file' -nix flake metadata --json hg+file://$flake5Dir --refresh | jq -e -r .revision -nix flake metadata --json hg+file://$flake5Dir -[[ $(nix flake metadata --json hg+file://$flake5Dir | jq -e -r .revCount) = 1 ]] + nix flake metadata --json hg+file://$flake5Dir --refresh | jq -e -r .revision + nix flake metadata --json hg+file://$flake5Dir + [[ $(nix flake metadata --json hg+file://$flake5Dir | jq -e -r .revCount) = 1 ]] + + nix build -o $TEST_ROOT/result hg+file://$flake5Dir --no-registries --no-allow-dirty + nix build -o $TEST_ROOT/result hg+file://$flake5Dir --no-use-registries --no-allow-dirty +fi -nix build -o $TEST_ROOT/result hg+file://$flake5Dir --no-registries --no-allow-dirty -nix build -o $TEST_ROOT/result hg+file://$flake5Dir --no-use-registries --no-allow-dirty +# Test path flakes. +rm -rf $flake5Dir/.hg $flake5Dir/flake.lock +nix flake lock path://$flake5Dir -# Test tarball flakes -tar cfz $TEST_ROOT/flake.tar.gz -C $TEST_ROOT --exclude .hg flake5 +# Test tarball flakes. +tar cfz $TEST_ROOT/flake.tar.gz -C $TEST_ROOT flake5 nix build -o $TEST_ROOT/result file://$TEST_ROOT/flake.tar.gz @@ -632,8 +636,8 @@ nix build -o $TEST_ROOT/result "file://$TEST_ROOT/flake.tar.gz?narHash=sha256-qQ # Test --override-input. git -C $flake3Dir reset --hard -nix flake lock $flake3Dir --override-input flake2/flake1 flake5 -vvvvv -[[ $(jq .nodes.flake1_2.locked.url $flake3Dir/flake.lock) =~ flake5 ]] +nix flake lock $flake3Dir --override-input flake2/flake1 file://$TEST_ROOT/flake.tar.gz -vvvvv +[[ $(jq .nodes.flake1_2.locked.url $flake3Dir/flake.lock) =~ flake.tar.gz ]] nix flake lock $flake3Dir --override-input flake2/flake1 flake1 [[ $(jq -r .nodes.flake1_2.locked.rev $flake3Dir/flake.lock) =~ $hash2 ]] diff --git a/tests/nss-preload.nix b/tests/nss-preload.nix new file mode 100644 index 000000000..2610d2b30 --- /dev/null +++ b/tests/nss-preload.nix @@ -0,0 +1,123 @@ +{ nixpkgs, system, overlay }: + +with import (nixpkgs + "/nixos/lib/testing-python.nix") { + inherit system; + extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ]; +}; + +makeTest ( + +rec { + name = "nss-preload"; + + nodes = { + http_dns = { lib, pkgs, config, ... }: { + networking.firewall.enable = false; + networking.interfaces.eth1.ipv6.addresses = lib.mkForce [ + { address = "fd21::1"; prefixLength = 64; } + ]; + networking.interfaces.eth1.ipv4.addresses = lib.mkForce [ + { address = "192.168.0.1"; prefixLength = 24; } + ]; + + services.unbound = { + enable = true; + enableRootTrustAnchor = false; + settings = { + server = { + interface = [ "192.168.0.1" "fd21::1" "::1" "127.0.0.1" ]; + access-control = [ "192.168.0.0/24 allow" "fd21::/64 allow" "::1 allow" "127.0.0.0/8 allow" ]; + local-data = [ + ''"example.com. IN A 192.168.0.1"'' + ''"example.com. IN AAAA fd21::1"'' + ''"tarballs.nixos.org. IN A 192.168.0.1"'' + ''"tarballs.nixos.org. IN AAAA fd21::1"'' + ]; + }; + }; + }; + + services.nginx = { + enable = true; + virtualHosts."example.com" = { + root = pkgs.runCommand "testdir" {} '' + mkdir "$out" + echo hello world > "$out/index.html" + ''; + }; + }; + }; + + # client consumes a remote resolver + client = { lib, nodes, pkgs, ... }: { + networking.useDHCP = false; + networking.nameservers = [ + (lib.head nodes.http_dns.config.networking.interfaces.eth1.ipv6.addresses).address + (lib.head nodes.http_dns.config.networking.interfaces.eth1.ipv4.addresses).address + ]; + networking.interfaces.eth1.ipv6.addresses = [ + { address = "fd21::10"; prefixLength = 64; } + ]; + networking.interfaces.eth1.ipv4.addresses = [ + { address = "192.168.0.10"; prefixLength = 24; } + ]; + + nix.sandboxPaths = lib.mkForce []; + nix.binaryCaches = lib.mkForce []; + nix.useSandbox = lib.mkForce true; + }; + }; + + nix-fetch = pkgs.writeText "fetch.nix" '' + derivation { + # This derivation is an copy from what is available over at + # nix.git:corepkgs/fetchurl.nix + builder = "builtin:fetchurl"; + + # We're going to fetch data from the http_dns instance created before + # we expect the content to be the same as the content available there. + # ``` + # $ nix-hash --type sha256 --to-base32 $(echo "hello world" | sha256sum | cut -d " " -f 1) + # 0ix4jahrkll5zg01wandq78jw3ab30q4nscph67rniqg5x7r0j59 + # ``` + outputHash = "0ix4jahrkll5zg01wandq78jw3ab30q4nscph67rniqg5x7r0j59"; + outputHashAlgo = "sha256"; + outputHashMode = "flat"; + + name = "example.com"; + url = "http://example.com"; + + unpack = false; + executable = false; + + system = "builtin"; + + preferLocalBuild = true; + + impureEnvVars = [ + "http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy" + ]; + + urls = [ "http://example.com" ]; + } + ''; + + testScript = { nodes, ... }: '' + http_dns.wait_for_unit("nginx") + http_dns.wait_for_open_port(80) + http_dns.wait_for_unit("unbound") + http_dns.wait_for_open_port(53) + + client.start() + client.wait_for_unit('multi-user.target') + + with subtest("can fetch data from a remote server outside sandbox"): + client.succeed("nix --version >&2") + client.succeed("curl -vvv http://example.com/index.html >&2") + + with subtest("nix-build can lookup dns and fetch data"): + client.succeed(""" + nix-build ${nix-fetch} >&2 + """) + ''; +}) |