movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-12 05:16:25 +03:00
Code Activity

Merge remote-tracking branch 'upstream/master' into staging-next

Browse source
This commit is contained in:
annalee 2024-03-25 18:04:41 +00:00
commit 7541ec60b6
No known key found for this signature in database
74 changed files with 1605 additions and 595 deletions
Download patch file Download diff file Expand all files Collapse all files

52
nixos/tests/nix-ld.nix
View file

@ -1,17 +1,39 @@
import ./make-test-python.nix ({ lib, pkgs, ...} :
{ system ? builtins.currentSystem,
config ? {},
pkgs ? import ../.. { inherit system config; }
}:
let
inherit (import ../lib/testing-python.nix { inherit system pkgs; }) makeTest;
shared =
{ config, pkgs, ... }:
{
programs.nix-ld.enable = true;
environment.systemPackages = [
(pkgs.runCommand "patched-hello" { } ''
install -D -m755 ${pkgs.hello}/bin/hello $out/bin/hello
patchelf $out/bin/hello --set-interpreter $(cat ${config.programs.nix-ld.package}/nix-support/ldpath)
'')
];
};
in
{
name = "nix-ld";
nodes.machine = { pkgs, ... }: {
programs.nix-ld.enable = true;
environment.systemPackages = [
(pkgs.runCommand "patched-hello" {} ''
install -D -m755 ${pkgs.hello}/bin/hello $out/bin/hello
patchelf $out/bin/hello --set-interpreter $(cat ${pkgs.nix-ld}/nix-support/ldpath)
'')
];
nix-ld = makeTest {
name = "nix-ld";
nodes.machine = shared;
testScript = ''
start_all()
machine.succeed("hello")
'';
};
testScript = ''
start_all()
machine.succeed("hello")
'';
})
nix-ld-rs = makeTest {
name = "nix-ld-rs";
nodes.machine = {
imports = [ shared ];
programs.nix-ld.package = pkgs.nix-ld-rs;
};
testScript = ''
start_all()
machine.succeed("hello")
'';
};
}

93
nixos/tests/tracee.nix
View file

@ -1,7 +1,13 @@
import ./make-test-python.nix ({ pkgs, ... }: {
import ./make-test-python.nix ({ pkgs, ... }: rec {
name = "tracee-integration";
meta.maintainers = pkgs.tracee.meta.maintainers;
passthru.hello-world-builder = pkgs: pkgs.dockerTools.buildImage {
name = "hello-world";
tag = "latest";
config.Cmd = [ "${pkgs.hello}/bin/hello" ];
};
nodes = {
machine = { config, pkgs, ... }: {
# EventFilters/trace_only_events_from_new_containers and
@ -12,57 +18,48 @@ import ./make-test-python.nix ({ pkgs, ... }: {
environment.systemPackages = with pkgs; [
# required by Test_EventFilters/trace_events_from_ls_and_which_binary_in_separate_scopes
which
# build the go integration tests as a binary
(tracee.overrideAttrs (oa: {
pname = oa.pname + "-integration";
postPatch = oa.postPatch or "" + ''
# prepare tester.sh (which will be embedded in the test binary)
patchShebangs tests/integration/tester.sh
# fix the test to look at nixos paths for running programs
substituteInPlace tests/integration/integration_test.go \
--replace "bin=/usr/bin/" "comm=" \
--replace "binary=/usr/bin/" "comm=" \
--replace "/usr/bin/dockerd" "dockerd" \
--replace "/usr/bin" "/run/current-system/sw/bin"
'';
nativeBuildInputs = oa.nativeBuildInputs or [ ] ++ [ makeWrapper ];
buildPhase = ''
runHook preBuild
# just build the static lib we need for the go test binary
make $makeFlags ''${enableParallelBuilding:+-j$NIX_BUILD_CORES} bpf-core ./dist/btfhub
# then compile the tests to be ran later
CGO_LDFLAGS="$(pkg-config --libs libbpf)" go test -tags core,ebpf,integration -p 1 -c -o $GOPATH/tracee-integration ./tests/integration/...
runHook postBuild
'';
doCheck = false;
outputs = [ "out" ];
installPhase = ''
mkdir -p $out/bin
mv $GOPATH/tracee-integration $out/bin/
'';
doInstallCheck = false;
meta = oa.meta // {
outputsToInstall = [];
};
}))
# the go integration tests as a binary
tracee.passthru.tests.integration-test-cli
];
};
};
testScript = ''
machine.wait_for_unit("docker.service")
testScript =
let
skippedTests = [
# these comm tests for some reason do not resolve.
# something about the test is different as it works fine if I replicate
# the policies and run tracee myself but doesn't work in the integration
# test either with the automatic run or running the commands by hand
# while it's searching.
"Test_EventFilters/comm:_event:_args:_trace_event_set_in_a_specific_policy_with_args_from_ls_command"
"Test_EventFilters/comm:_event:_trace_events_set_in_two_specific_policies_from_ls_and_uname_commands"
with subtest("run integration tests"):
# EventFilters/trace_only_events_from_new_containers also requires a container called "alpine"
machine.succeed('tar c -C ${pkgs.pkgsStatic.busybox} . | docker import - alpine --change "ENTRYPOINT [\"sleep\"]"')
# worked at some point, seems to be flakey
"Test_EventFilters/pid:_event:_args:_trace_event_sched_switch_with_args_from_pid_0"
];
in
''
with subtest("prepare for integration tests"):
machine.wait_for_unit("docker.service")
machine.succeed('which bash')
# Test_EventFilters/trace_event_set_in_a_specific_scope expects to be in a dir that includes "integration"
print(machine.succeed(
'mkdir /tmp/integration',
'cd /tmp/integration && tracee-integration -test.v'
))
'';
# EventFilters/trace_only_events_from_new_containers also requires a container called "hello-world"
machine.succeed('docker load < ${passthru.hello-world-builder pkgs}')
# exec= needs fully resolved paths
machine.succeed(
'mkdir /tmp/testdir',
'cp $(which who) /tmp/testdir/who',
'cp $(which uname) /tmp/testdir/uname',
)
with subtest("run integration tests"):
# Test_EventFilters/trace_event_set_in_a_specific_scope expects to be in a dir that includes "integration"
# tests must be ran with 1 process
print(machine.succeed(
'mkdir /tmp/integration',
'cd /tmp/integration && export PATH="/tmp/testdir:$PATH" && integration.test -test.v -test.parallel 1 -test.skip="^${builtins.concatStringsSep "$|^" skippedTests}$"'
))
'';
})