Skip to content

Commit

Permalink
nixosTests.nscd: test unscd as well
Browse files Browse the repository at this point in the history 
This shows that external nss module resolution is broken with unscd.
  • Loading branch information
@flokli
flokli committed Oct 14, 2022
1 parent 1224368 commit f08b8d6
Showing 1 changed file with 98 additions and 69 deletions.
167 changes: 98 additions & 69 deletions nixos/tests/nscd.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,80 +14,109 @@ in
{
name = "nscd";

nodes.machine = { lib, ... }: {
nodes.machine = { pkgs, ... }: {
imports = [ common/user-account.nix ];
networking.extraHosts = ''
2001:db8::1 somehost.test
192.0.2.1 somehost.test
'';

specialisation = {
withUnscd.configuration = { ... }: {
services.nscd.package = pkgs.unscd;
};
};
};

testScript = ''
start_all()
machine.wait_for_unit("default.target")
# Regression test for https://github.com/NixOS/nixpkgs/issues/50273
with subtest("DynamicUser actually allocates a user"):
assert "iamatest" in machine.succeed(
"systemd-run --pty --property=Type=oneshot --property=DynamicUser=yes --property=User=iamatest whoami"
)
# Test resolution of somehost.test with getent', to make sure we go via nscd
with subtest("host lookups via nscd"):
# ahosts
output = machine.succeed("${getent'} ahosts somehost.test")
assert "192.0.2.1" in output
assert "2001:db8::1" in output
# ahostsv4
output = machine.succeed("${getent'} ahostsv4 somehost.test")
assert "192.0.2.1" in output
assert "2001:db8::1" not in output
# ahostsv6
output = machine.succeed("${getent'} ahostsv6 somehost.test")
assert "192.0.2.1" not in output
assert "2001:db8::1" in output
# reverse lookups (hosts)
assert "somehost.test" in machine.succeed("${getent'} hosts 2001:db8::1")
assert "somehost.test" in machine.succeed("${getent'} hosts 192.0.2.1")
# Test host resolution via nss modules works
# We rely on nss-myhostname in this case, which resolves *.localhost and
# _gateway.
# We don't need to use getent' here, as non-glibc nss modules can only be
# discovered via nscd.
with subtest("nss-myhostname provides hostnames (ahosts)"):
# ahosts
output = machine.succeed("getent ahosts foobar.localhost")
assert "::1" in output
assert "127.0.0.1" in output
# ahostsv4
output = machine.succeed("getent ahostsv4 foobar.localhost")
assert "::1" not in output
assert "127.0.0.1" in output
# ahostsv6
output = machine.succeed("getent ahostsv6 foobar.localhost")
assert "::1" in output
assert "127.0.0.1" not in output
# ahosts
output = machine.succeed("getent ahosts _gateway")
# returns something like the following:
# 10.0.2.2 STREAM _gateway
# 10.0.2.2 DGRAM
# 10.0.2.2 RAW
# fe80::2 STREAM
# fe80::2 DGRAM
# fe80::2 RAW
# Verify we see both ip addresses
assert "10.0.2.2" in output
assert "fe80::2" in output
'';
testScript = { nodes, ... }:
let
specialisations = "${nodes.machine.system.build.toplevel}/specialisation";
in
''
# Regression test for https://github.com/NixOS/nixpkgs/issues/50273
def test_dynamic_user():
with subtest("DynamicUser actually allocates a user"):
assert "iamatest" in machine.succeed(
"systemd-run --pty --property=Type=oneshot --property=DynamicUser=yes --property=User=iamatest whoami"
)
# Test resolution of somehost.test with getent', to make sure we go via nscd
def test_host_lookups():
with subtest("host lookups via nscd"):
# ahosts
output = machine.succeed("${getent'} ahosts somehost.test")
assert "192.0.2.1" in output
assert "2001:db8::1" in output
# ahostsv4
output = machine.succeed("${getent'} ahostsv4 somehost.test")
assert "192.0.2.1" in output
assert "2001:db8::1" not in output
# ahostsv6
output = machine.succeed("${getent'} ahostsv6 somehost.test")
assert "192.0.2.1" not in output
assert "2001:db8::1" in output
# reverse lookups (hosts)
assert "somehost.test" in machine.succeed("${getent'} hosts 2001:db8::1")
assert "somehost.test" in machine.succeed("${getent'} hosts 192.0.2.1")
# Test host resolution via nss modules works
# We rely on nss-myhostname in this case, which resolves *.localhost and
# _gateway.
# We don't need to use getent' here, as non-glibc nss modules can only be
# discovered via nscd.
def test_nss_myhostname():
with subtest("nss-myhostname provides hostnames (ahosts)"):
# ahosts
output = machine.succeed("getent ahosts foobar.localhost")
assert "::1" in output
assert "127.0.0.1" in output
# ahostsv4
output = machine.succeed("getent ahostsv4 foobar.localhost")
assert "::1" not in output
assert "127.0.0.1" in output
# ahostsv6
output = machine.succeed("getent ahostsv6 foobar.localhost")
assert "::1" in output
assert "127.0.0.1" not in output
# ahosts
output = machine.succeed("getent ahosts _gateway")
# returns something like the following:
# 10.0.2.2 STREAM _gateway
# 10.0.2.2 DGRAM
# 10.0.2.2 RAW
# fe80::2 STREAM
# fe80::2 DGRAM
# fe80::2 RAW
# Verify we see both ip addresses
assert "10.0.2.2" in output
assert "fe80::2" in output
start_all()
machine.wait_for_unit("default.target")
# Test all tests with glibc-nscd.
test_dynamic_user()
test_host_lookups()
test_nss_myhostname()
with subtest("unscd"):
machine.succeed('${specialisations}/withUnscd/bin/switch-to-configuration test')
machine.wait_for_unit("default.target")
# known to fail, unscd doesn't load external NSS modules
# test_dynamic_user()
test_host_lookups()
# known to fail, unscd doesn't load external NSS modules
# test_nss_myhostname()
'';
})

0 comments on commit f08b8d6

Please sign in to comment.