authorRobert Scott <code@humanleg.org.uk>2021-10-02 19:30:59 +0100
committerRobert Scott <code@humanleg.org.uk>2021-10-03 12:37:19 +0100
commit85c63a515d21c8fa27a561a9b8a1db5b18118e39 (patch)
treea5a536ba105ae6d678b8bbdb92db4e82c32b2b1b /pkgs/tools/networking/openssh/common.nix
parent9960091b163086da64aae525a44620bc173965c1 (diff)
openssh: enable tests
Diffstat (limited to 'pkgs/tools/networking/openssh/common.nix')
-rw-r--r--pkgs/tools/networking/openssh/common.nix54
1 files changed, 54 insertions, 0 deletions
diff --git a/pkgs/tools/networking/openssh/common.nix b/pkgs/tools/networking/openssh/common.nix
index fefa80b9c4f..ad807c91597 100644
--- a/pkgs/tools/networking/openssh/common.nix
+++ b/pkgs/tools/networking/openssh/common.nix
@@ -18,10 +18,12 @@
 , libedit
 , pkg-config
 , pam
+, libredirect
 , etcDir ? null
 , withKerberos ? !(stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64)
 , libkrb5
 , libfido2
+, hostname
 , nixosTests
 , withFIDO ? stdenv.hostPlatform.isUnix && !stdenv.hostPlatform.isMusl
 , linkOpenssl ? true
@@ -100,6 +102,58 @@ stdenv.mkDerivation rec {
 
   hardeningEnable = [ "pie" ];
 
+  doCheck = true;
+  checkInputs = optional (!stdenv.isDarwin) hostname;
+  preCheck = ''
+    # construct a dummy HOME
+    export HOME=$(realpath ../dummy-home)
+    mkdir -p ~/.ssh
+
+    # construct a dummy /etc/passwd file for the sshd under test
+    # to use to look up the connecting user
+    DUMMY_PASSWD=$(realpath ../dummy-passwd)
+    cat > $DUMMY_PASSWD <<EOF
+    $(whoami)::$(id -u):$(id -g)::$HOME:$SHELL
+    EOF
+
+    # we need to NIX_REDIRECTS /etc/passwd both for processes
+    # invoked directly and those invoked by the "remote" session
+    cat > ~/.ssh/environment.base <<EOF
+    NIX_REDIRECTS=/etc/passwd=$DUMMY_PASSWD
+    LD_PRELOAD=${libredirect}/lib/libredirect.so
+    EOF
+
+    # use an ssh environment file to ensure environment is set
+    # up appropriately for build environment even when no shell
+    # is invoked by the ssh session. otherwise the PATH will
+    # only contain default unix paths like /bin which we don't
+    # have in our build environment
+    cat - regress/test-exec.sh > regress/test-exec.sh.new <<EOF
+    cp $HOME/.ssh/environment.base $HOME/.ssh/environment
+    echo "PATH=\$PATH" >> $HOME/.ssh/environment
+    EOF
+    mv regress/test-exec.sh.new regress/test-exec.sh
+
+    # explicitly enable the PermitUserEnvironment feature
+    substituteInPlace regress/test-exec.sh \
+      --replace \
+        'cat << EOF > $OBJ/sshd_config' \
+        $'cat << EOF > $OBJ/sshd_config\n\tPermitUserEnvironment yes'
+
+    # some tests want to use files under /bin as example files
+    for f in regress/sftp-cmds.sh regress/forwarding.sh; do
+      substituteInPlace $f --replace '/bin' "$(dirname $(type -p ls))"
+    done
+
+    # set up NIX_REDIRECTS for direct invocations
+    set -a; source ~/.ssh/environment.base; set +a
+  '';
+  # integration tests hard to get working on darwin with its shaky
+  # sandbox
+  checkTarget = optional (!stdenv.isDarwin) "t-exec"
+    # other tests are less demanding of the environment
+    ++ [ "unit" "file-tests" "interop-tests" ];
+
   postInstall = ''
     # Install ssh-copy-id, it's very useful.
     cp contrib/ssh-copy-id $out/bin/
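Review bot: The `PermitUserEnvironment yes` injection and the `LD_PRELOAD=` line written to `~/.ssh/environment.base` have no comment saying they are confined to the regress harness. sshd ships with that option off because a user-supplied environment containing `LD_PRELOAD` can get around login restrictions, and the dummy passwd entry also has an empty password field, so I would extend the existing comment to something like `# test-only: affects the sshd_config generated by regress/test-exec.sh, never the installed sshd`. Separately, `--replace '/bin'` in the `for f in ...` loop is an unanchored substring match, so any `/usr/bin`-style path in those two scripts would presumably be rewritten too; matching `/bin/` with a trailing slash on both sides would be narrower. The expansions in `cat > $DUMMY_PASSWD` and `substituteInPlace $f` are unquoted, and `"$DUMMY_PASSWD"` and `"$f"` would be safer. The enclosing `stdenv.mkDerivation rec {` opens before this hunk and `postInstall` continues past it.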