pyrox.dev / nixpkgs
lol
fork atom

Merge pull request #140317 from risicle/ris-openssh-tests

authored by Janne Heß and committed by GitHub f96b3d46 64baf259

+54
unified split
+54
pkgs/tools/networking/openssh/common.nix
··· 18 , libedit 19 , pkg-config 20 , pam 21 , etcDir ? null 22 , withKerberos ? !(stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64) 23 , libkrb5 24 , libfido2 25 , nixosTests 26 , withFIDO ? stdenv.hostPlatform.isUnix && !stdenv.hostPlatform.isMusl 27 , linkOpenssl ? true ··· 99 enableParallelBuilding = true; 100 101 hardeningEnable = [ "pie" ]; 102 103 postInstall = '' 104 # Install ssh-copy-id, it's very useful.
··· 18 , libedit 19 , pkg-config 20 , pam 21 + , libredirect 22 , etcDir ? null 23 , withKerberos ? !(stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64) 24 , libkrb5 25 , libfido2 26 + , hostname 27 , nixosTests 28 , withFIDO ? stdenv.hostPlatform.isUnix && !stdenv.hostPlatform.isMusl 29 , linkOpenssl ? true ··· 101 enableParallelBuilding = true; 102 103 hardeningEnable = [ "pie" ]; 104 + 105 + doCheck = true; 106 + checkInputs = optional (!stdenv.isDarwin) hostname; 107 + preCheck = '' 108 + # construct a dummy HOME 109 + export HOME=$(realpath ../dummy-home) 110 + mkdir -p ~/.ssh 111 + 112 + # construct a dummy /etc/passwd file for the sshd under test 113 + # to use to look up the connecting user 114 + DUMMY_PASSWD=$(realpath ../dummy-passwd) 115 + cat > $DUMMY_PASSWD <<EOF 116 + $(whoami)::$(id -u):$(id -g)::$HOME:$SHELL 117 + EOF 118 + 119 + # we need to NIX_REDIRECTS /etc/passwd both for processes 120 + # invoked directly and those invoked by the "remote" session 121 + cat > ~/.ssh/environment.base <<EOF 122 + NIX_REDIRECTS=/etc/passwd=$DUMMY_PASSWD 123 + LD_PRELOAD=${libredirect}/lib/libredirect.so 124 + EOF 125 + 126 + # use an ssh environment file to ensure environment is set 127 + # up appropriately for build environment even when no shell 128 + # is invoked by the ssh session. otherwise the PATH will 129 + # only contain default unix paths like /bin which we don't 130 + # have in our build environment 131 + cat - regress/test-exec.sh > regress/test-exec.sh.new <<EOF 132 + cp $HOME/.ssh/environment.base $HOME/.ssh/environment 133 + echo "PATH=\$PATH" >> $HOME/.ssh/environment 134 + EOF 135 + mv regress/test-exec.sh.new regress/test-exec.sh 136 + 137 + # explicitly enable the PermitUserEnvironment feature 138 + substituteInPlace regress/test-exec.sh \ 139 + --replace \ 140 + 'cat << EOF > $OBJ/sshd_config' \ 141 + $'cat << EOF > $OBJ/sshd_config\n\tPermitUserEnvironment yes' 142 + 143 + # some tests want to use files under /bin as example files 144 + for f in regress/sftp-cmds.sh regress/forwarding.sh; do 145 + substituteInPlace $f --replace '/bin' "$(dirname $(type -p ls))" 146 + done 147 + 148 + # set up NIX_REDIRECTS for direct invocations 149 + set -a; source ~/.ssh/environment.base; set +a 150 + ''; 151 + # integration tests hard to get working on darwin with its shaky 152 + # sandbox 153 + checkTarget = optional (!stdenv.isDarwin) "t-exec" 154 + # other tests are less demanding of the environment 155 + ++ [ "unit" "file-tests" "interop-tests" ]; 156 157 postInstall = '' 158 # Install ssh-copy-id, it's very useful.