This test wants to download things from the internet while building the
system. It can probably be fixed by ensuring these paths are present in
the initial nix-store.
This appears to avoid requiring KVM when it’s not available. This is
what I originally though -cpu host did. Unfortunately not much
documentation available from the QEMU side on this, but this appears
to square with help:
$ qemu-system-x86 -cpu help
...
x86 host KVM processor with all supported host features
x86 max Enables all features supported by the accelerator in the current host
...
Whether we actually want to support this not clear, since this only
happens when your CPU doesn’t have full KVM support. Some Nix builders
are lying about kvm support though. Things aren’t too slow without it
though.
Fixes https://github.com/NixOS/nixpkgs/issues/85394
Alternative to https://github.com/NixOS/nixpkgs/pull/83920
Related to #72828
Replaces and closes#76708
Looks like `nix ping-store` does not output anything anymore but still
fails when the connection does not work.
Since systemd 243, docs were already steering users towards using
`journal`:
eedaf7f322
systemd 246 will go one step further, it shows warnings for these units
during bootup, and will [automatically convert these occurences to
`journal`](f3dc6af20f):
> [ 6.955976] systemd[1]: /nix/store/hwyfgbwg804vmr92fxc1vkmqfq2k9s17-unit-display-manager.service/display-manager.service:27: Standard output type syslog is obsolete, automatically updating to journal. Please update│······················
your unit file, and consider removing the setting altogether.
So there's no point of keeping `syslog` here, and it's probably a better
idea to just not set it, due to:
> This setting defaults to the value set with DefaultStandardOutput= in
> systemd-system.conf(5), which defaults to journal.
This creates and opens a luks volume, puts its passphrase into a keyfile
and writes a /etc/crypttab. It then reboots the machine, and verifies
systemd parsed /etc/crypttab properly, and was able to unlock the volume
with the keyfile provided (as we try to mount it).
The memorySize of the VM had to be bumped, as luksFormat would otherwise
run out of memory.
Cookie jar can be used to accurately test if the login was successful.
Simply searching for the user name is not sufficient, since it is always
part of the returned page after login. The page should display a phrase
containing the username after login.
This was omitted in the latest update.
Only adds ~400 KB.
It required adding openssl to tests so I tacked on some cleanups.
In particular, the GI_TYPELIB_PATH was already being set in the wrapper
so we can remove it from the module (not sure why Gtk was even there).
Also switched away from using pkgconfig and docbook_xsl aliases
and reordered the expression a bit.
Not strictly an upgrade, but adds a new mongodb-4_2 target with the
current mongodb from that branch.
Use matching client and server versions in mongodb tests- tests were
using the mongo 3.4 client to connect, and this finally doesn't work
with server 4.2.
Per reviewer suggestion, adding myself as cheetah3 maintainer.
Additionally, reestore comments describing the purpose of the
build-dependencies patch
Along with the `socat` fix in the parent commit, this makes
the Flatpak’s installed tests finally pass again.
The tests seem to need slightly over 2G of disk space,
and it appears that the test suite was ported to Python 3 in 1.5.1:
2b6641575d
Flatpak’s installed tests build Flatpak runtimes, among other things.
Upstream code does this by copying some programs on `PATH`
as well as some possible dependencies from host’s /usr.
We patch the code to use `nix-store --query --requisites`
to make the dependency discovery easier.
The Flatpak’s installed tests add `socat` to `PATH` and later run
`nix-store --query --requisites` on its location but it was failing with
error: path '/nix/store/qcyf7nq5vvfw32967sv4j6z190inrbrc-socat-1.7.3.4' is not valid
The issue occurred because, while the host Nix store is bind mounted into the test VM,
the VM’s store uses its own database that only contains the packages in the VM’s closure.
Since the test commands are not actually part of the VM but only passed through PTY,
the `flatpak.installedTests` derivation was not part of the VM’s closure, so `nix-store`
in the VM could not get information about its dependency `socat`.
Let’s make the `installedTests` of the tested package part of the test VM’s closure
by passing it as a global environment variable. This will also have the added benefit
that user no longer has to type the path when running the installed tests manually in the VM;
they can just use `gnome-desktop-testing-runner -d $TESTED_PACKAGE_INSTALLED_TESTS`,
which is much more conducive to tab completion.
This modifies the `router` to not give out a range of IP addresses but
only give out a fixed address based on the MAC address using the
`services.dhcpd4.machines` option.
To get access to the MAC address the `qemuNicMac` function is defined
and exported from `qemu-flags.nix`.
Also, add some sleep statements in between, which seems to at least feel
like it causes
> WARNING: Device /dev/vda* not initialized in udev database even after waiting 10000000 microseconds.
To occur less frequently.
This eventually still succeeds after some amount of waiting, I suspect
some racyness in the way lvm's udev-triggered scripts trigger other
units.
This is required by (among others) Podman to run containers in rootless mode.
Other distributions such as Fedora and Ubuntu already set up these mappings.
The scheme with a start UID/GID offset starting at 100000 and increasing in 65536 increments is copied from Fedora.
The image tag can be specified or generated from the output hash.
Previously, a generated tag could be recovered from the evaluated
image with some string operations.
However, with the introduction of streamLayeredImage, it's not
feasible to compute the generated tag yourself.
With this change, the imageTag attribute is set unconditionally,
for the buildImage, buildLayeredImage, streamLayeredImage functions.
This permits using method_set_hostname but still denies
method_set_static_hostname. As a result DHCP clients can now always set
the transient hostname via the SetHostname method of the D-Bus interface
of systemd-hostnamed (org.freedesktop.hostname1.set-hostname).
If the NixOS option networking.hostName is set to an empty string (or
"localhost") the static hostname (kernel.hostname but NOT /etc/hostname)
will additionally be updated (this is intended).
From "man hostnamectl": The transient hostname is a fallback value
received from network configuration. If a static hostname is set, and is
valid (something other than localhost), then the transient hostname is
not used.
Fix#74847.
Note: It's possible to restrict access to the org.freedesktop.hostname1
interface using Polkit rules.
nixos/tests/initrd-openvpn: Add test for openvpn in the initramfs
The module in this commit adds new options that allows the
integration of an OpenVPN client into the initrd.
This can be used e.g. to remotely unlock LUKS devices.
This commit also adds two tests for `boot.initrd.network.openvpn`.
The first one is a basic test to validate that a failing connection
does not prevent the machine from booting.
The second test validates that this module actually creates a valid
openvpn connection.
For this, it spawns three nodes:
- The client that uses boot.initrd.network.openvpn
- An OpenVPN server that acts as gateway and forwards a port
to the client
- A node that is external to the OpenVPN network
The client connects to the OpenVPN server and spawns a netcat instance
that echos a value to every client.
Afterwards, the external node checks if it receives this value over the
forwarded port on the OpenVPN gateway.
test failed because gnutls-cli does not properly report connection
errors any more, fixed by increasing the debug level for gnutls-cli
Fixes: #84507Closes: #90718
This option exposes the prefconfigured nextcloud-occ
program. nextcloud-occ can then be used in other systemd services or
added in environment.systemPackages.
The nextcloud test shows how it can be add in
environment.systemPackages.
Done by setting `autopilot.min_quorum = 3`.
Techncially, this would have been required to keep the test correct since
Consul's "autopilot" "Dead Server Cleanup" was enabled by default (I believe
that was in Consul 0.8). Practically, the issue only occurred with our NixOS
test with releases >= `1.7.0-beta2` (see #90613). The setting itself is
available since Consul 1.6.2.
However, this setting was not documented clearly enough for anybody to notice,
and only the upstream issue https://github.com/hashicorp/consul/issues/8118
I filed brought that to light.
As explained there, the test could also have been made pass by applying the
more correct rolling reboot procedure
-m.wait_until_succeeds("[ $(consul members | grep -o alive | wc -l) == 5 ]")
+m.wait_until_succeeds(
+ "[ $(consul operator raft list-peers | grep true | wc -l) == 3 ]"
+)
but we also intend to test that Consul can regain consensus even if
the quorum gets temporarily broken.
The systemd socket unit files now more precisely track the IPFS
configuration, by including any multaddr they can make a `ListenStream`
for. (The daemon doesn't currently support anything which would use
`ListDatagram`, so we don't need to worry about that.)
The tests use some of these features.
Reads a bit more naturally, and now the changes to the
acme-${cert}.service actually reflect what would be needed were you to
do the same in production.
e.g. "for dns-01, your service that needs the cert needs to pull in the
cert"