The test certificate expiration date was set to the default 30 days.
This certificate is generated through its own derivation. As with
every derivation, it gets cached by cache.nixos.org once we build it.
In practice, we rebuild this derivation only if one of its input
changes. The only inputs here being openssl and stdenv.
While it's not an issue on the unstable branches, it can be
problematic on a stable release: the test will fail after 30 days.
Extending the certificate lifespan from 1 month to 100 years to prevent
it from getting expired while being cached.
See
https://github.com/NixOS/nixpkgs/pull/132898#issuecomment-894495057
for more context.
This option allows basic configuration of the compression technique
used in the backup script. Specifically it adds `none` and `zstd` as
new alternatives, keeping `gzip` as the default.
* tuxguitar: Ensure that tuxguitar is launched with java 8 comtabilbe jre and libraries as greate java version is not supported
* tuxguitar: Added test to verify application starts without problems
* tuxguitar: 1.5.2 -> 1.5.4
This should catch regressions like #131074 in the future. In that case a
glibc update caused a regression that caused most of the text to become
invisible (just not the "Web Store" we've already been checking for).
https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
This update includes 35 security fixes.
CVEs:
CVE-2021-30565 CVE-2021-30566 CVE-2021-30567 CVE-2021-30568
CVE-2021-30569 CVE-2021-30571 CVE-2021-30572 CVE-2021-30573
CVE-2021-30574 CVE-2021-30575 CVE-2021-30576 CVE-2021-30577
CVE-2021-30578 CVE-2021-30579 CVE-2021-30580 CVE-2021-30581
CVE-2021-30582 CVE-2021-30583 CVE-2021-30584 CVE-2021-30585
CVE-2021-30586 CVE-2021-30587 CVE-2021-30588 CVE-2021-30589
Note: This won't be the smoothest update. Chromium seems to be fine but
requires gtk3 in $LD_LIBRARY_PATH to find libgtk-3.so.0 (otherwise it
crashes during startup) but Google Chrome fails to initialize
("GPU process exited unexpectedly: exit_code=132") and requires
"--use-gl=angle --use-angle=swiftshader" for hardware(?) acceleration
(which seems to work work fine and performant but SwiftShader should
actually use the CPU instead of the GPU).
The one-line test is hard to fix in a readable manner
and doesn't really add value above the hello-world test.
So rather simplify to reduce maintenance.
This can be very useful when running the test headless or e.g. when
looking at Hydra logs. Especially the chrome://gpu content contains a
lot of interesting information.
I also decided to refactor the test_new_win() function to avoid
duplicate code and rely less on xdo.
Unfortunately there are some regressions in the GPU code that cause
Chromium and Google Chrome to crash, e.g.:
machine # [0709/084047.890436:ERROR:process_memory_range.cc(75)] read out of range[ 30.153484] show_signal: 20 callbacks suppressed
machine # [ 30.153490] traps: chrome[1036] trap invalid opcode ip:55af03357b29 sp:7ffeaa69ad10 error:0 in chrome[55aefe7a4000+81ec000]
machine #
machine # [0709/084047.955039:ERROR:file_io_posix.cc(144)] open /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq: No such file or directory (2)
machine # [0709/084047.955078:ERROR:file_io_posix.cc(144)] open /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq: No such file or directory (2)
machine # [ 30.126905] systemd[1]: Created slice system-systemd\x2dcoredump.slice.
machine # [ 30.137012] systemd[1]: Started Process Core Dump (PID 1038/UID 0).
machine # [ 30.571987] systemd-coredump[1039]: Process 1036 (chrome) of user 1000 dumped core.
machine # [992:1021:0709/084048.501937:ERROR:gpu_process_host.cc(995)] GPU process exited unexpectedly: exit_code=132
machine # [ 30.594747] systemd[1]: systemd-coredump@0-1038-0.service: Succeeded.
Hopefully this'll be fixed upstream before the final release (there are
bug reports for it) but for the meantime we have to launch the beta and
dev versions with "--use-gl=angle --use-angle=swiftshader".
In commit fbbaa4d40f, the Zsh default
prompt has changed from "walters" to "suse". So instead of:
root@default>
... we now have:
root@default:~/ >
However, in the NixOS VM test, we are matching "root@default>", which
doesn't include the current working directory and thus eventually leads
to a test failure after timing out.
To fix this, I changed the regex to include a newline at the beginning
and made sure that the hostname ends with a word boundary. This way it
doesn't matter whether the prompt is "walters" or "suse", because after
all the test is not about the prompt but about whether the history
mechanism works (or not).
Signed-off-by: aszlig <aszlig@nix.build>
I tried to make this as non-breaking as possible, but it will still
break things slightly for people expecting certain file names in the
packages themselves.
The modules overrides extraComponents which leads to a costly rebuild of
the home-assistant package with all tests. Make it less costly by not
running the tests, as does the default for the package option. The
package's tests are already run by ofborg on every pull request as well
as by Hydra when building home-assistant.
- remove check for `connected .JID: focus@auth.server` because
- log format was changed in c1945ea6cb
- connection.getUser() in jicofo also appears to be broken, returning null instead of username
- testing for this log line shouldn't be necessary, as we also test for "Authenticated as focus@auth.server"
- remove check for `External component successfully authenticated` because
- [JVB no longer uses component](https://community.jitsi.org/t/jvb-not-connecting/91157/2)
- increase VM memory
This reverts the test to be similar to its original Perl version, where
the test steps were performed as individual commands instead of what we
have now, where commands are sent to the machine as one giant string.
While this change doesn't seem like it would make a big difference, it
makes a huge difference if the test fails because you then get an error
about which command has failed exactly instead of just knowing that
"something in there" has failed.
I also switched 2 spaces indentation, because it is more in line with
Nix coding conventions.
Signed-off-by: aszlig <aszlig@nix.build>
Since commit b7749c7671, commands run as
part of VM tests are exiting immediately if an error happens.
When converting the overlayfs test to Python in commit
5ae92144ba, the individual test commands
were crammed into one big string instead of using a series of test
commands like done in the Perl version.
Additionally, the backslash-escaped dollar signs were necessary in
Perl's double-quoted strings to avoid variable interpolation, for Python
however, this results in an actual backslash being inserted into the
command.
While this obviously results in an exit code of 1 (without an error
message, since it's using bash's expression evaluation command), the
test didn't fail because putting all these commands in one string will
result in only the last error code being relevant.
With the change to "set -e" for commands sent to test machines, this has
changed and with the exit code of all commands now relevant, the test
now fails because the errors from individual command substitutions that
were prevented by escaping the dollar sign are now actually visible.
This in turn also means that until now, we wouldn't have noticed if the
overlayfs test would have failed for real.
Signed-off-by: aszlig <aszlig@nix.build>
The attributes got renamed in PR #126440 and in some places this caused
evaluation errors, e.g. the tarball job was saying (locally)
> attribute 'alsaUtils' missing, at /build/source/nixos/modules/services/audio/alsa.nix:6:4
and I suspect that trunk-combined jobset's failure to evaluate was also caused.
It failed since pipefail (b7749c7, PR #125683), due to `systemctl status`
not exiting with code=0 for inactive units (apparently).
That command is meant for humans anyway.
The test doesn't evaluate since #125469 because Linux 5.11 got removed
as it's EOL.
As this fixes the evaluation of the test and it only removes a
declaration that was apparently forgotten, I figured that a push to
unbreak the test is fine.
Firefox has been decoupled from the system certificate store since the
nss p11-kit integration in combination with our cacert package does not
expose CKA_NSS_MOZILLA_CA_POLICY, which among other things is required
for addon updates.
Bash's standard behavior of not propagating non-zero exit codes
through a pipeline is unexpected and almost universally
unwanted. Default to setting `pipefail` for the command being run;
it can still be turned off by prefixing the pipeline with
`set +o pipefail` if needed.
Also, set `errexit` and `nonunset` options to make the first command
of consecutive commands separated by `;` fail, and disallow
dereferencing unset variables respectively.
Previously, a failed backup would always overwrite ${db}.sql.gz,
because the bash `>` redirect truncates the file; even if the
backup was going to fail.
On the next run, the ${db}.prev.sql.gz backup would be
overwritten by the bad ${db}.sql.gz.
Now, if the backup fails, the ${db}.in-progress.sql.gz is in an
unknown state, but ${db}.sql.gz will not be written.
On the next run, ${db}.prev.sql.gz (our only good backup) will
not be overwritten because ${db}.sql.gz does not exist.
Commit 3a2e0c36e7 has removed
`--reuse-key` from default renew options, yet the tests still expected
keys not to change. This assertion is now removed, as they are supposed
to change on each renew/change.
PHP 7.3 won't be supported by upstream for the entire life cycle of
the 21.11 release.
Also drop the pcre' alias since it isn't needed anymore since we don't
need different pcre versions anymore.
When importing Nixpkgs within Nixpkgs, we should not consider aliases
to ensure we don't rely on them internally.
There are probably more places that need to be converted.
Previously this defaulted to the default MOTD in the solanum source
tree, and I don't want my friends to laugh at me. Includes a patch to
the tests to ensure that the MOTD is actually set.
This replicates the fix done in #109705 (solanum is a fork of charybdis,
so they share fundamental logic for this).
Signed-off-by: Christine Dodrill <me@christine.website>
Assert that the PostgreSQL version being deployed is the one used
upstream. Allow the user to override this assertion, since it's not
always possible or preferable to use the recommended one.
Since the update to wlroots 0.13 (e03dde82a7) the default VGA card
isn't supported anymore and we needed to switch to virtio (qxl didn't
work either). However, as it turned out "-vga virtio" (28b8cff301)
broke the test on AArch64. Luckily there's a third option that works on
all three supported platforms: virtio-gpu-pci
According to [0] "This device lacks VGA compatibility mode but is
otherwise identical to the virtio vga device. UEFI firmware can handle
this, and if your guests has drivers too you can use this instead of
virtio-vga. This will reduce the attack surface (no complex VGA
emulation support) and reduce the memory footprint by 8 MB (no pci
memory bar for VGA compatibility). This device can be placed in a PCI
Express slot."
So in the end this seems like the ideal choice :)
See also [1].
[0]: https://www.kraxel.org/blog/2019/09/display-devices-in-qemu/#virtio-gpu-pci
[1]: https://patches.openembedded.org/patch/164351/
The tests timeout on AArch64 (e.g. [0] and [1]), likely because the QEMU
option "-vga virtio" isn't supported there (unfortunately I currently
lack access to an AArch64 system with NixOS to investigate).
This also affects the test for Cage but that one is already limited to
x86_64-linux.
[0]: https://hydra.nixos.org/build/144148809
[1]: https://hydra.nixos.org/build/144103034
Adds includeStorePaths, allowing the omission of the store paths.
You generally want to leave it on, but tooling may disable this
to insert the store paths more efficiently via other means, such
as bind mounting the host store.