import ./make-test-python.nix ({ pkgs, ... }: let # build a getent that itself doesn't see anything in /etc/hosts and # /etc/nsswitch.conf, by using libredirect to steer its own requests to # /dev/null. # This means is /has/ to go via nscd to actuallly resolve any of the # additionally configured hosts. getent' = pkgs.writeScript "getent-without-etc-hosts" '' export NIX_REDIRECTS=/etc/hosts=/dev/null:/etc/nsswitch.conf=/dev/null export LD_PRELOAD=${pkgs.libredirect}/lib/libredirect.so exec getent $@ ''; in { name = "nscd"; nodes.machine = { pkgs, ... }: { imports = [ common/user-account.nix ]; networking.extraHosts = '' 2001:db8::1 somehost.test 192.0.2.1 somehost.test ''; systemd.services.sockdump = { wantedBy = [ "multi-user.target" ]; path = [ # necessary for bcc to unpack kernel headers and invoke modprobe pkgs.gnutar pkgs.xz.bin pkgs.kmod ]; environment.PYTHONUNBUFFERED = "1"; serviceConfig = { ExecStart = "${pkgs.sockdump}/bin/sockdump /var/run/nscd/socket"; Restart = "on-failure"; RestartSec = "1"; Type = "simple"; }; }; specialisation = { withGlibcNscd.configuration = { ... }: { services.nscd.enableNsncd = false; }; withUnscd.configuration = { ... }: { services.nscd.enableNsncd = false; services.nscd.package = pkgs.unscd; }; }; }; testScript = { nodes, ... }: let specialisations = "${nodes.machine.system.build.toplevel}/specialisation"; in '' # Regression test for https://github.com/NixOS/nixpkgs/issues/50273 def test_dynamic_user(): with subtest("DynamicUser actually allocates a user"): assert "iamatest" in machine.succeed( "systemd-run --pty --property=Type=oneshot --property=DynamicUser=yes --property=User=iamatest whoami" ) # Test resolution of somehost.test with getent', to make sure we go via # nscd protocol def test_host_lookups(): with subtest("host lookups via nscd protocol"): # ahosts output = machine.succeed("${getent'} ahosts somehost.test") assert "192.0.2.1" in output assert "2001:db8::1" in output # ahostsv4 output = machine.succeed("${getent'} ahostsv4 somehost.test") assert "192.0.2.1" in output assert "2001:db8::1" not in output # ahostsv6 output = machine.succeed("${getent'} ahostsv6 somehost.test") assert "192.0.2.1" not in output assert "2001:db8::1" in output # reverse lookups (hosts) assert "somehost.test" in machine.succeed("${getent'} hosts 2001:db8::1") assert "somehost.test" in machine.succeed("${getent'} hosts 192.0.2.1") # Test host resolution via nss modules works # We rely on nss-myhostname in this case, which resolves *.localhost and # _gateway. # We don't need to use getent' here, as non-glibc nss modules can only be # discovered via nscd. def test_nss_myhostname(): with subtest("nss-myhostname provides hostnames (ahosts)"): # ahosts output = machine.succeed("getent ahosts foobar.localhost") assert "::1" in output assert "127.0.0.1" in output # ahostsv4 output = machine.succeed("getent ahostsv4 foobar.localhost") assert "::1" not in output assert "127.0.0.1" in output # ahostsv6 output = machine.succeed("getent ahostsv6 foobar.localhost") assert "::1" in output assert "127.0.0.1" not in output start_all() machine.wait_for_unit("default.target") # give sockdump some time to finish attaching. machine.sleep(5) # Test all tests with glibc-nscd. test_dynamic_user() test_host_lookups() test_nss_myhostname() with subtest("glibc-nscd"): machine.succeed('${specialisations}/withGlibcNscd/bin/switch-to-configuration test') machine.wait_for_unit("default.target") test_dynamic_user() test_host_lookups() test_nss_myhostname() with subtest("unscd"): machine.succeed('${specialisations}/withUnscd/bin/switch-to-configuration test') machine.wait_for_unit("default.target") # known to fail, unscd doesn't load external NSS modules # test_dynamic_user() test_host_lookups() # known to fail, unscd doesn't load external NSS modules # test_nss_myhostname() ''; })