authorajs124 <ajs124@users.noreply.github.com>2022-03-01 04:03:47 +0100
committerGitHub <noreply@github.com>2022-03-01 11:03:47 +0800
commit8289e6478beea99d7278891526d93bca62266509 (patch)
treea45bc21d98e98de7e3d9a3b04a841ef283fd475f
parente78a5bc15a0f32c6a2a203b1d759968b83f78bb0 (diff)
vsftpd: enable seccomp (#158974)
* vsftpd: enable seccomp

* nixos/tests/vsftpd: add basic test

* vsftpd: add test to passthru
-rw-r--r--nixos/tests/all-tests.nix1
-rw-r--r--nixos/tests/vsftpd.nix42
-rw-r--r--pkgs/servers/ftp/vsftpd/default.nix10
3 files changed, 50 insertions, 3 deletions
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 5d03893a56b..b173c90c7f3 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -554,6 +554,7 @@ in
   vikunja = handleTest ./vikunja.nix {};
   virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {};
   vscodium = discoverTests (import ./vscodium.nix);
+  vsftpd = handleTest ./vsftpd.nix {};
   wasabibackend = handleTest ./wasabibackend.nix {};
   wiki-js = handleTest ./wiki-js.nix {};
   wine = handleTest ./wine.nix {};
diff --git a/nixos/tests/vsftpd.nix b/nixos/tests/vsftpd.nix
new file mode 100644
index 00000000000..4bea27f0eb1
--- /dev/null
+++ b/nixos/tests/vsftpd.nix
@@ -0,0 +1,42 @@
+import ./make-test-python.nix ({ pkgs, ... }: {
+  name = "vsftpd";
+
+  nodes = {
+    server = {
+      services.vsftpd = {
+        enable = true;
+        userlistDeny = false;
+        localUsers = true;
+        userlist = [ "ftp-test-user" ];
+        writeEnable = true;
+        localRoot = "/tmp";
+      };
+      networking.firewall.enable = false;
+
+      users = {
+        users.ftp-test-user = {
+          isSystemUser = true;
+          password = "ftp-test-password";
+          group = "ftp-test-group";
+        };
+        groups.ftp-test-group = {};
+      };
+    };
+
+    client = {};
+  };
+
+  testScript = ''
+    client.start()
+    server.wait_for_unit("vsftpd")
+    server.wait_for_open_port("21")
+
+    client.succeed("curl -u ftp-test-user:ftp-test-password ftp://server")
+    client.succeed('echo "this is a test" > /tmp/test.file.up')
+    client.succeed("curl -v -T /tmp/test.file.up -u ftp-test-user:ftp-test-password ftp://server")
+    client.succeed("curl -u ftp-test-user:ftp-test-password ftp://server/test.file.up > /tmp/test.file.down")
+    client.succeed("diff /tmp/test.file.up /tmp/test.file.down")
+    assert client.succeed("cat /tmp/test.file.up") == server.succeed("cat /tmp/test.file.up")
+    assert client.succeed("cat /tmp/test.file.down") == server.succeed("cat /tmp/test.file.up")
+  '';
+})
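Review bot: Nothing in this test sets or asserts `seccomp_sandbox`, so the login/upload/download sequence in `testScript` would pass just as well with the sandbox switched off in the generated vsftpd config. The module that writes that config is not part of this commit, so the effective value cannot be seen here. Pinning it in the `services.vsftpd` block, for instance `extraConfig = "seccomp_sandbox=YES";` (assuming the module does not already emit a conflicting line), would make the test exercise the feature the commit enables. The script also covers only the success path; a line such as `client.fail("curl -u ftp-test-user:wrong-password ftp://server")` would confirm that authentication is enforced under the `userlist` setup.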
diff --git a/pkgs/servers/ftp/vsftpd/default.nix b/pkgs/servers/ftp/vsftpd/default.nix
index 3aad0460b3f..3a3517f4f23 100644
--- a/pkgs/servers/ftp/vsftpd/default.nix
+++ b/pkgs/servers/ftp/vsftpd/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, libcap, openssl, pam }:
+{ lib, stdenv, fetchurl, libcap, libseccomp, openssl, pam, nixosTests }:
 
 stdenv.mkDerivation rec {
   pname = "vsftpd";
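Review bot: The new `libseccomp` argument here, its addition to `buildInputs` in the next hunk and `-lseccomp` in `NIX_LDFLAGS` in the hunk after that carry no comment saying why the library is needed. None of the three hunks shows a build switch or check confirming that the sandbox code is compiled in. A one-line comment above `buildInputs`, such as `# libseccomp / -lseccomp: needed for the seccomp sandbox, see #158974`, would record the intent for whoever next touches the link flags. The `mkDerivation` body continues outside these hunks, so `meta.platforms` is not visible. If the package can evaluate on non-Linux platforms, the `libseccomp` input and the `-lseccomp` flag would presumably need a Linux guard.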
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
     sha256 = "sha256-JrYCrkVLC6bZnvRKCba54N+n9nIoEGc23x8njHC8kdM=";
   };
 
-  buildInputs = [ libcap openssl pam ];
+  buildInputs = [ libcap openssl libseccomp pam ];
 
   patches = [ ./CVE-2015-1419.patch ];
 
@@ -30,10 +30,14 @@ stdenv.mkDerivation rec {
     "CC=${stdenv.cc.targetPrefix}cc"
   ];
 
-  NIX_LDFLAGS = "-lcrypt -lssl -lcrypto -lpam -lcap";
+  NIX_LDFLAGS = "-lcrypt -lssl -lcrypto -lpam -lcap -lseccomp";
 
   enableParallelBuilding = true;
 
+  passthru = {
+    tests = { inherit (nixosTests) vsftpd; };
+  };
+
   meta = with lib; {
     description = "A very secure FTP daemon";
     license = licenses.gpl2;