Diffstat (limited to 'gnu/tests')
-rw-r--r-- | gnu/tests/base.scm | 4 | ||||
-rw-r--r-- | gnu/tests/data/jami-dummy-account.dat | 127 | ||||
-rw-r--r-- | gnu/tests/docker.scm | 2 | ||||
-rw-r--r-- | gnu/tests/install.scm | 94 | ||||
-rw-r--r-- | gnu/tests/messaging.scm | 2 | ||||
-rw-r--r-- | gnu/tests/security.scm | 5 | ||||
-rw-r--r-- | gnu/tests/telephony.scm | 7 | ||||
-rw-r--r-- | gnu/tests/virtualization.scm | 177 |
8 files changed, 301 insertions, 117 deletions
diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm index 5584628514..acba1ebd25 100644 --- a/gnu/tests/base.scm +++ b/gnu/tests/base.scm @@ -56,7 +56,6 @@ %test-linux-libre-5.10 %test-linux-libre-5.4 %test-linux-libre-4.19 - %test-linux-libre-4.14 %test-halt %test-root-unmount %test-cleanup @@ -580,9 +579,6 @@ functionality tests, using the given KERNEL.") (define %test-linux-libre-4.19 (test-basic-os linux-libre-4.19)) -(define %test-linux-libre-4.14 - (test-basic-os linux-libre-4.14)) - ;;; ;;; Halt. diff --git a/gnu/tests/data/jami-dummy-account.dat b/gnu/tests/data/jami-dummy-account.dat index 0e908396ca..c2c5357189 100644 --- a/gnu/tests/data/jami-dummy-account.dat +++ b/gnu/tests/data/jami-dummy-account.dat @@ -1,8 +1,7 @@ ;;; -*- mode: scheme; -*- ;;; JSON extracted from an actual Jami account and processed with ;;; Emacs/guile-json. -(define %jami-account-content-sexp - '(("RINGCAKEY" . "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3F\ +(("RINGCAKEY" . "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3F\ oa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRQzBxWUozSkYvTzhQRGEKRnUwRnpRcHBCaD\ gybGJMdURrNTlVU0I0MUJSaS9kdDZGV1BRN29YOVpsY25vNGZzM2dmUHQ0dU1hRVBkVFBGKwowbGN2Q\ jc2cytQTEFlcjlOZGpVQzQ2ZXp0UnNiNE9aQXc4ZUk1M3EwSU04QWJFd0o0ZjllLzBmQUFueHgrK3Qw\ @@ -58,7 +57,7 @@ TUNPaHdxN21xYXRUVnNrawpTRDNySmkrTFR6a2Y4OEx1bjZZNjdiaFNOTWpKZkFaUXNQc0FTRkJBUTJ\ rQnE5alRLZGVuaU4yYTJIbm0xNCtrCnJDeU9ZVE14Q2hQbWNpS25pVy9MWnFUL0U1dlNRUGdBVzc0dT\ VLazJoSjRBajNjRW9NVEwxSytZbStWYWh2U0cKTi8xOFdYQ1JRQkg1d0p2eXJYczBtT29GQlRnTWg4d\ z0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=") - ("ringAccountKey" . "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRUUlCQURBTk\ + ("ringAccountKey" . "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRUUlCQURBTk\ Jna3Foa2lHOXcwQkFRRUZBQVNDQ1Nzd2dna25BZ0VBQW9JQ0FRRDNCdDRnOUVUdk9EVnYKM3hWV0ZlS\ 1Nnbk5uVEF3S2dYa3IrQ1FhdU8vTGZWM01RenNSNHliL3hoaWhhb1Z2c2FtZ3ZRU1haL0M1R3I5QQpE\ YlAxbHNHclRCK1pXMC9uMXVEb3hmVWdZRWY3SGtVanJtdVFjUGlFWGlUVkNiY002U0NzdVNrMnRxdE1\ 
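Review bot: The header kept at the top of gnu/tests/data/jami-dummy-account.dat (hunk `@@ -1,8 +1,7`) still says only "JSON extracted from an actual Jami account", while the `RINGCAKEY` and `ringAccountKey` values start with the base64 of a PEM `BEGIN PRIVATE KEY` header. Now that the file is a bare datum rather than a definition, that header is the only place a reader learns what the data is. If the account was created solely for this test, say so, for example `;;; Throwaway account generated for the test suite; the private keys below are public and must never be reused.` A second line such as `;;; This file holds a single alist that is read with 'read'.` would also document the new format.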
@@ -114,7 +113,7 @@ KMTlPd09oZ1lGcjFheGQvNXd2VgpURjNoVlQwbFZGN2RyRC9iMHZOcmxnbUNjbEk4UDg1a2dkRUhZbG\ ZtTFoxeXJIMkNXVy9SS0lsWk9ZdFVuNFNpCkp5a2VlNDROWElXU3ovalRBdFRta3VQTzRvUjF5d3dRc\ jdhUTF5a3hRVm9rVm5vY2xqU0tyQlk4R294a0I0eDIKUDNrb3F1UnkvcUd3QzBnN1o4ZjBTQjNQZVZt\ eQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==") - ("ringAccountCert" . "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZXakNDQTBLZ\ + ("ringAccountCert" . "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZXakNDQTBLZ\ 0F3SUJBZ0lJRm1tNmZuaWRndEl3RFFZSktvWklodmNOQVFFTUJRQXdUREVRTUE0R0ExVUUKQXhNSFNt\ RnRhU0JEUVRFNE1EWUdDZ21TSm9tVDhpeGtBUUVUS0RjNVpqSTJaVFZpWTJNeU9EWXlPREppT0dFMwp\ PRFF6TUdOak1EWXpNakV4T1RFNFkyWm1PVGd3SGhjTk1qRXdOREUyTVRjek1qRXdXaGNOTXpFd05ERT\ 
@@ -180,17 +179,17 @@ OFY2cWM2bXZTbUFXa25nL3QwaStXVmdGVkZuZFQrQ0oyNTJsa0ZacGljdAp6ekdETW44VUNDRUp4TDR\ KTklTM2lLOUhlRys2MlZuay9QOEM3YVpLSXpVdjFud25rcVdUUUFYWDBKckJGdDdICjI5ZDk1RElmRT\ RuT0FyS0JFNHc2Z1R4SU1uZzVzWi9ZbDFjcG5wUHlsR3VICi0tLS0tRU5EIENFUlRJRklDQVRFLS0tL\ S0K") - ("ethKey" . "fN8cOT1lYNziaW0+pjBIgZ8r6+zMMhHsukkWBNPDsFo=") - ("TURN.username" . "ring") - ("TURN.server" . "turn.jami.net") - ("TURN.realm" . "ring") - ("TURN.password" . "ring") - ("TURN.enable" . "true") - ("TLS.verifyServer" . "true") - ("TLS.verifyClient" . "true") - ("TLS.serverName" . "") - ("TLS.requireClientCertificate" . "true") - ("TLS.privateKeyFile" . "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQU\ + ("ethKey" . "fN8cOT1lYNziaW0+pjBIgZ8r6+zMMhHsukkWBNPDsFo=") + ("TURN.username" . "ring") + ("TURN.server" . "turn.jami.net") + ("TURN.realm" . "ring") + ("TURN.password" . "ring") + ("TURN.enable" . "true") + ("TLS.verifyServer" . "true") + ("TLS.verifyClient" . "true") + ("TLS.serverName" . "") + ("TLS.requireClientCertificate" . "true") + ("TLS.privateKeyFile" . "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQU\ RBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRQzM5b1Z0cXNtUGdaSUgKcHpTV\ GtlT3BlWC9CSEx2KzFTYnJPSFpVRHEwNFZCUU5BNmJmSFNSWTJpbHE1WEVheXNVSmwzQmsvM0txZEhS\ cQpEV01wQ1dpcE1Vc2FwSGxJR0tSWHEwbXhQZ29WODZSUVBub1dCRTdhWVVEZTlJZXlxMmllZXpDK1l\ 
@@ -246,11 +245,11 @@ mNUloSWU0RUtZUE5VUXNua0tSVTlxUApzWi9idXBXc2w4bWVFcko3bllJQ05ucHpnSHRpNXdSMlliVF\ VXT01odmRFUldxMnhTV3BBYmtNMElhZDBUc05kCmUrYVRQVmJOMXFibFZLMm1qUTl2YS9JSkVuSE51V\ E9TREtJeUpvcVArQkxiRTVjQU5acXQ2OFFadWdOc2RxNHkKV2FoeStydU5LS1F3Mk5MYzQzZUtsNmxv\ bXdtRlFZOD0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=") - ("TLS.password" . "") - ("TLS.negotiationTimeoutSec" . "-1") - ("TLS.method" . "Automatic") - ("TLS.ciphers" . "") - ("TLS.certificateFile" . "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZHVENDQ\ + ("TLS.password" . "") + ("TLS.negotiationTimeoutSec" . "-1") + ("TLS.method" . "Automatic") + ("TLS.ciphers" . "") + ("TLS.certificateFile" . "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZHVENDQ\ XdHZ0F3SUJBZ0lJU1pUdlZPQnh3akF3RFFZSktvWklodmNOQVFFTUJRQXdTVEVOTUFzR0ExVUUKQXhN\ RVNtRnRhVEU0TURZR0NnbVNKb21UOGl4a0FRRVRLR1l6TXpRMVpqSTNOelZrWkdabE1EZGhOR0l3WkR\ rMQpaR0ZsWVRFeE1XUXhOV1ppWXpFeE9Ua3dIaGNOTWpFd05ERTJNVGN6TWpFd1doY05NekV3TkRFME\ 
@@ -346,47 +345,47 @@ lzVXFsVHVncXhtM2xDOUhzaDM2UFJLNURDUG93eHVUNlgKcXo1M1ZiN2h6TkxLelpiRlJzbUdFOFY2c\ WM2bXZTbUFXa25nL3QwaStXVmdGVkZuZFQrQ0oyNTJsa0ZacGljdAp6ekdETW44VUNDRUp4TDRKTklT\ M2lLOUhlRys2MlZuay9QOEM3YVpLSXpVdjFud25rcVdUUUFYWDBKckJGdDdICjI5ZDk1RElmRTRuT0F\ yS0JFNHc2Z1R4SU1uZzVzWi9ZbDFjcG5wUHlsR3VICi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K") - ("STUN.server" . "") - ("STUN.enable" . "false") - ("SRTP.rtpFallback" . "false") - ("SRTP.keyExchange" . "sdes") - ("SRTP.enable" . "true") - ("RingNS.uri" . "") - ("RingNS.account" . "0790738ce15fa05933b49dd77034312787da86c3") - ("DHT.PublicInCalls" . "true") - ("Account.videoPortMin" . "49152") - ("Account.videoPortMax" . "65534") - ("Account.videoEnabled" . "true") - ("Account.username" . "f3345f2775ddfe07a4b0d95daea111d15fbc1199") - ("Account.useragent" . "") - ("Account.upnpEnabled" . "true") - ("Account.type" . "RING") - ("Account.ringtoneEnabled" . "true") - ("Account.rendezVous" . "true") - ("Account.publishedSameAsLocal" . "true") - ("Account.publishedPort" . "5060") - ("Account.publishedAddress" . "") - ("Account.presenceSubscribeSupported" . "true") - ("Account.peerDiscovery" . "false") - ("Account.managerUsername" . "") - ("Account.managerUri" . "") - ("Account.mailbox" . "") - ("Account.localModeratorsEnabled" . "true") - ("Account.localInterface" . "default") - ("Account.hostname" . "bootstrap.jami.net") - ("Account.hasCustomUserAgent" . "false") - ("Account.enable" . "true") - ("Account.dtmfType" . "overrtp") - ("Account.displayName" . "dummy") - ("Account.defaultModerators" . "") - ("Account.audioPortMin" . "16384") - ("Account.audioPortMax" . "32766") - ("Account.archiveHasPassword" . "false") - ("Account.allowCertFromTrusted" . "true") - ("Account.allowCertFromHistory" . "true") - ("Account.allowCertFromContact" . "true") - ("Account.allModeratorEnabled" . "true") - ("Account.alias" . "dummy") - ("Account.activeCallLimit" . "-1") - ("Account.accountPublish" . "false") - ("Account.accountDiscovery" . 
"false"))) + ("STUN.server" . "") + ("STUN.enable" . "false") + ("SRTP.rtpFallback" . "false") + ("SRTP.keyExchange" . "sdes") + ("SRTP.enable" . "true") + ("RingNS.uri" . "") + ("RingNS.account" . "0790738ce15fa05933b49dd77034312787da86c3") + ("DHT.PublicInCalls" . "true") + ("Account.videoPortMin" . "49152") + ("Account.videoPortMax" . "65534") + ("Account.videoEnabled" . "true") + ("Account.username" . "f3345f2775ddfe07a4b0d95daea111d15fbc1199") + ("Account.useragent" . "") + ("Account.upnpEnabled" . "true") + ("Account.type" . "RING") + ("Account.ringtoneEnabled" . "true") + ("Account.rendezVous" . "true") + ("Account.publishedSameAsLocal" . "true") + ("Account.publishedPort" . "5060") + ("Account.publishedAddress" . "") + ("Account.presenceSubscribeSupported" . "true") + ("Account.peerDiscovery" . "false") + ("Account.managerUsername" . "") + ("Account.managerUri" . "") + ("Account.mailbox" . "") + ("Account.localModeratorsEnabled" . "true") + ("Account.localInterface" . "default") + ("Account.hostname" . "bootstrap.jami.net") + ("Account.hasCustomUserAgent" . "false") + ("Account.enable" . "true") + ("Account.dtmfType" . "overrtp") + ("Account.displayName" . "dummy") + ("Account.defaultModerators" . "") + ("Account.audioPortMin" . "16384") + ("Account.audioPortMax" . "32766") + ("Account.archiveHasPassword" . "false") + ("Account.allowCertFromTrusted" . "true") + ("Account.allowCertFromHistory" . "true") + ("Account.allowCertFromContact" . "true") + ("Account.allModeratorEnabled" . "true") + ("Account.alias" . "dummy") + ("Account.activeCallLimit" . "-1") + ("Account.accountPublish" . "false") + ("Account.accountDiscovery" . "false")) diff --git a/gnu/tests/docker.scm b/gnu/tests/docker.scm index edc9804414..9e9d2e2d07 100644 --- a/gnu/tests/docker.scm +++ b/gnu/tests/docker.scm 
@@ -212,7 +212,7 @@ inside %DOCKER-OS." (virtual-machine (operating-system os) (volatile? #f) - (disk-image-size (* 5500 (expt 2 20))) + (disk-image-size (* 6000 (expt 2 20))) (memory-size 2048) (port-forwardings '()))) diff --git a/gnu/tests/install.scm b/gnu/tests/install.scm index daa4647299..16da320000 100644 --- a/gnu/tests/install.scm +++ b/gnu/tests/install.scm @@ -35,6 +35,7 @@ #:use-module (gnu packages admin) #:use-module (gnu packages bootloaders) #:use-module (gnu packages commencement) ;for 'guile-final' + #:use-module (gnu packages cpio) #:use-module (gnu packages cryptsetup) #:use-module (gnu packages disk) #:use-module (gnu packages emacs) @@ -67,6 +68,7 @@ %test-raid-root-os %test-encrypted-root-os %test-encrypted-home-os + %test-encrypted-home-os-key-file %test-encrypted-root-not-boot-os %test-btrfs-root-os %test-btrfs-root-on-subvolume-os @@ -749,11 +751,11 @@ export GUIX_BUILD_OPTIONS=--no-grafts ls -l /run/current-system/gc-roots parted --script /dev/vdb mklabel gpt \\ mkpart primary ext2 1M 3M \\ - mkpart primary ext2 3M 1.6G \\ + mkpart primary ext2 3M 2G \\ set 1 boot on \\ set 1 bios_grub on echo -n " %luks-passphrase " | \\ - cryptsetup luksFormat --uuid=12345678-1234-1234-1234-123456789abc -q /dev/vdb2 - + cryptsetup luksFormat -i 1 --uuid=12345678-1234-1234-1234-123456789abc -q /dev/vdb2 - echo -n " %luks-passphrase " | \\ cryptsetup open --type luks --key-file - /dev/vdb2 the-root-device mkfs.ext4 -L my-root /dev/mapper/the-root-device 
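Review bot: The `-i 1` added to `cryptsetup luksFormat` in hunk `@@ -749,11 +751,11` has no comment, and it lowers the passphrase key-derivation time to one millisecond. That is reasonable for speeding up a VM test, but installation scripts like this one tend to be copied as examples. A comment line in the script would make the intent explicit, e.g. `# -i 1: minimal PBKDF time to keep the test fast; never use this on a real volume.` The same flag is added without explanation in hunks `@@ -962,19 +964,31` (both `luksFormat` and `luksAddKey`) and `@@ -1083,7 +1159,7`. The script text starts and ends outside this hunk.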
@@ -962,19 +964,31 @@ guix --version export GUIX_BUILD_OPTIONS=--no-grafts parted --script /dev/vdb mklabel gpt \\ mkpart primary ext2 1M 3M \\ - mkpart primary ext2 3M 1.6G \\ - mkpart primary 1.6G 2.0G \\ + mkpart primary ext2 3M 2G \\ + mkpart primary 2G 2.4G \\ set 1 boot on \\ set 1 bios_grub on echo -n " %luks-passphrase " | \\ - cryptsetup luksFormat --uuid=12345678-1234-1234-1234-123456789abc -q /dev/vdb3 - + cryptsetup luksFormat -i 1 --uuid=12345678-1234-1234-1234-123456789abc -q /dev/vdb3 - echo -n " %luks-passphrase " | \\ cryptsetup open --type luks --key-file - /dev/vdb3 the-home-device mkfs.ext4 -L root-fs /dev/vdb2 mkfs.ext4 -L home-fs /dev/mapper/the-home-device mount /dev/vdb2 /mnt + +# This script is used for both encrypted-home-os and encrypted-home-os-key-file +# tests. So we also add the keyfile here. +dd if=/dev/zero of=/key-file.bin bs=4096 count=1 +( cd /mnt; + echo /key-file.bin | cpio -oH newc > key-file.cpio + chmod 0000 key-file.cpio + mv /key-file.bin . +) +echo -n " %luks-passphrase " | \\ + cryptsetup luksAddKey --key-file - -i 1 /dev/vdb3 /mnt/key-file.bin + mkdir /mnt/home mount /dev/mapper/the-home-device /mnt/home df -h /mnt /mnt/home 
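Review bot: The key file added to the LUKS volume here is 4096 zero bytes (`dd if=/dev/zero of=/key-file.bin`), and only `key-file.cpio` gets `chmod 0000`. The copy moved to `/mnt/key-file.bin` keeps whatever mode `dd` gave it. Both files also end up on the unencrypted root partition, so the key slot protects nothing beyond letting the test boot unattended. Random data and a restrictive mode would cost nothing: `dd if=/dev/urandom of=/key-file.bin bs=4096 count=1` and, after the `mv`, `chmod 0400 key-file.bin`. At minimum the script comment should say that this layout is for the test only.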
@@ -1018,13 +1032,75 @@ launched as a shepherd service." (mlet* %store-monad ((images (run-install %encrypted-home-os %encrypted-home-os-source #:script - %encrypted-home-installation-script)) + %encrypted-home-installation-script + #:packages (list cpio) + #:target-size + (* 3000 MiB))) (command (qemu-command* images))) (run-basic-test %encrypted-home-os command "encrypted-home-os" #:initialization enter-luks-passphrase-for-home))))) ;;; +;;; LUKS-encrypted /home, unencrypted root. The unlock is done using a key +;;; file. +;;; +(define-os-with-source (%encrypted-home-os-key-file + %encrypted-home-os-key-file-source) + (use-modules (gnu) (gnu tests)) + + (operating-system + (host-name "cipherhome") + (timezone "Europe/Prague") + (locale "en_US.utf8") + + (bootloader (bootloader-configuration + (bootloader grub-bootloader) + (targets (list "/dev/vdb")) + (extra-initrd "/key-file.cpio"))) + (kernel-arguments '("console=ttyS0")) + + (mapped-devices (list (mapped-device + (source (uuid "12345678-1234-1234-1234-123456789abc")) + (target "the-home-device") + (type (luks-device-mapping-with-options + #:key-file "/key-file.bin"))))) + (file-systems (cons* (file-system + (device (file-system-label "root-fs")) + (mount-point "/") + (type "ext4")) + (file-system + (device (file-system-label "home-fs")) + (mount-point "/home") + (type "ext4") + (dependencies mapped-devices)) + %base-file-systems)) + (services (cons (service marionette-service-type + (marionette-configuration + (imported-modules '((gnu services herd) + (guix combinators))))) + %base-services)))) + +(define %test-encrypted-home-os-key-file + (system-test + (name "encrypted-home-os-key-file") + (description + "Test functionality of an OS installed with a LUKS /home partition with +unlock done using a key file") + (value + (mlet* %store-monad ((images (run-install %encrypted-home-os-key-file + %encrypted-home-os-key-file-source + #:script + %encrypted-home-installation-script + #:packages (list cpio) + 
#:target-size + (* 3000 MiB))) + (command (qemu-command* images))) + (run-basic-test %encrypted-home-os-key-file + command "encrypted-home-os-key-file"))))) + + +;;; ;;; LUKS-encrypted root file system and /boot in a non-encrypted partition. ;;; @@ -1083,7 +1159,7 @@ parted --script /dev/vdb mklabel gpt \\ mkpart primary ext2 50M 1.6G \\ set 1 boot on \\ set 1 bios_grub on -echo -n \"~a\" | cryptsetup luksFormat --uuid=\"~a\" -q /dev/vdb3 - +echo -n \"~a\" | cryptsetup luksFormat -i 1 --uuid=\"~a\" -q /dev/vdb3 - echo -n \"~a\" | cryptsetup open --type luks --key-file - /dev/vdb3 root mkfs.ext4 -L my-root /dev/mapper/root mkfs.ext4 -L my-boot /dev/vdb2 @@ -1118,7 +1194,9 @@ store a couple of full system images.") ((images (run-install %encrypted-root-not-boot-os %encrypted-root-not-boot-os-source #:script - %encrypted-root-not-boot-installation-script)) + %encrypted-root-not-boot-installation-script + #:target-size + (* 1600 MiB))) (command (qemu-command* images))) (run-basic-test %encrypted-root-not-boot-os command "encrypted-root-not-boot-os" diff --git a/gnu/tests/messaging.scm b/gnu/tests/messaging.scm index 1e26c0ddea..dfcc92f7ed 100644 --- a/gnu/tests/messaging.scm +++ b/gnu/tests/messaging.scm @@ -145,7 +145,7 @@ (define %test-prosody (let* ((config (prosody-configuration - (disable-sasl-mechanisms '()) + (insecure-sasl-mechanisms '()) (virtualhosts (list (virtualhost-configuration diff --git a/gnu/tests/security.scm b/gnu/tests/security.scm index ca6c857899..93cbe4a977 100644 --- a/gnu/tests/security.scm +++ b/gnu/tests/security.scm @@ -20,6 +20,7 @@ #:use-module (guix gexp) #:use-module (gnu packages admin) #:use-module (gnu services) + #:use-module (gnu services base) #:use-module (gnu services security) #:use-module (gnu services ssh) #:use-module (gnu system) 
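Review bot: In `%encrypted-home-os-key-file` (hunk `@@ -1018,13 +1032,75`), nothing ties `(extra-initrd "/key-file.cpio")` and `#:key-file "/key-file.bin"` to the shared installation script that creates those two files. A reader of the OS definition therefore cannot tell where they come from. I would add a comment above the `bootloader` field such as `;; /key-file.cpio is created by %encrypted-home-installation-script and carries /key-file.bin into the initrd.` The call to `run-basic-test` also omits the `#:initialization enter-luks-passphrase-for-home` argument that the passphrase variant passes. That omission is presumably the actual assertion, namely that boot completes without a passphrase prompt, and deserves a one-line comment saying so.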
@@ -176,7 +177,9 @@ (simple-operating-system (service (fail2ban-jail-service openssh-service-type (fail2ban-jail-configuration (name "sshd") (enabled? #t))) - (openssh-configuration))) + (openssh-configuration)) + (service static-networking-service-type + (list %qemu-static-networking))) (test-equal "fail2ban sshd jail running status output" '("Status for the jail: sshd" diff --git a/gnu/tests/telephony.scm b/gnu/tests/telephony.scm index f7d9c73767..f03ea963f7 100644 --- a/gnu/tests/telephony.scm +++ b/gnu/tests/telephony.scm @@ -38,7 +38,10 @@ ;;; Jami daemon. ;;; -(include "data/jami-dummy-account.dat") ;defines %jami-account-content-sexp +(define %jami-account-content-sexp + (call-with-input-file + (search-path %load-path "gnu/tests/data/jami-dummy-account.dat") + read)) (define %dummy-jami-account-archive ;; A Jami account archive is a gzipped JSON file. @@ -391,7 +394,7 @@ jami account used as part of the jami configuration are left *unspecified*." (description "Provisioning test for the jami service.") (value (run-jami-test #:provisioning? #t)))) -;;; Thi test verifies that <jami-account> values can be left unspecified +;;; This test verifies that <jami-account> values can be left unspecified ;;; without causing any issue (see: https://issues.guix.gnu.org/56799). (define %test-jami-provisioning-partial (system-test diff --git a/gnu/tests/virtualization.scm b/gnu/tests/virtualization.scm index f3655f1d8a..c8b42eb1db 100644 --- a/gnu/tests/virtualization.scm +++ b/gnu/tests/virtualization.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2017 Christopher Baines <mail@cbaines.net> -;;; Copyright © 2020-2023 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2020-2024 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org> ;;; Copyright © 2021 Pierre Langlois <pierre.langlois@gmx.com> ;;; Copyright © 2022 Marius Bakke <marius@gnu.org> 
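Review bot: In gnu/tests/telephony.scm (hunk `@@ -38,7 +38,10`), `search-path` returns `#f` when the file is not on `%load-path`, and that value is passed straight to `call-with-input-file`. A missing data file would then show up as a wrong-type error when the module loads, instead of naming the file. Wrapping the lookup makes the failure readable: `(or (search-path %load-path "gnu/tests/data/jami-dummy-account.dat") (error "jami-dummy-account.dat not found in %load-path"))`. The removed `;defines %jami-account-content-sexp` remark could be replaced by a comment saying that the file holds a single alist datum and only the first datum is read.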
@@ -33,6 +33,7 @@ #:use-module (gnu services) #:use-module (gnu services dbus) #:use-module (gnu services networking) + #:use-module (gnu services ssh) #:use-module (gnu services virtualization) #:use-module (gnu packages ssh) #:use-module (gnu packages virtualization) @@ -42,7 +43,8 @@ #:use-module (guix modules) #:export (%test-libvirt %test-qemu-guest-agent - %test-childhurd)) + %test-childhurd + %test-build-vm)) ;;; @@ -241,6 +243,36 @@ (password "")) ;empty password %base-user-accounts)))))))) +(define* (run-command-over-ssh command + #:key (port 10022) (user "test")) + "Return a program that runs COMMAND over SSH and prints the result on standard +output." + (define run + (with-extensions (list guile-ssh) + #~(begin + (use-modules (ssh session) + (ssh auth) + (ssh popen) + (ice-9 match) + (ice-9 textual-ports)) + + (let ((session (make-session #:user #$user + #:port #$port + #:host "localhost" + #:timeout 120 + #:log-verbosity 'rare))) + (match (connect! session) + ('ok + (userauth-password! session "") + (display + (get-string-all + (open-remote-input-pipe* session #$@command)))) + (status + (error "could not connect to guest over SSH" + session status))))))) + + (program-file "run-command-over-ssh" run)) + (define (run-childhurd-test) (define (import-module? module) ;; This module is optional and depends on Guile-Gcrypt, do skip it. 
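Review bot: In the new top-level `run-command-over-ssh` (hunk `@@ -241,6 +243,36`), the result of `(userauth-password! session "")` is discarded. A rejected login therefore only surfaces later as a failure of `open-remote-input-pipe*`, or as empty output that the calling test then compares against. Matching on the result keeps the error next to its cause, e.g. `(match (userauth-password! session "") ('success (display (get-string-all (open-remote-input-pipe* session #$@command)))) (result (error "SSH authentication failed" session result)))`. The docstring should also state that COMMAND is now a list of strings, and that the empty password with no host-key check is acceptable only because the peer is the test guest on localhost.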
@@ -261,35 +293,6 @@ (operating-system os) (memory-size (* 1024 3)))) - (define (run-command-over-ssh . command) - ;; Program that runs COMMAND over SSH and prints the result on standard - ;; output. - (let () - (define run - (with-extensions (list guile-ssh) - #~(begin - (use-modules (ssh session) - (ssh auth) - (ssh popen) - (ice-9 match) - (ice-9 textual-ports)) - - (let ((session (make-session #:user "test" - #:port 10022 - #:host "localhost" - #:log-verbosity 'rare))) - (match (connect! session) - ('ok - (userauth-password! session "") - (display - (get-string-all - (open-remote-input-pipe* session #$@command)))) - (status - (error "could not connect to childhurd over SSH" - session status))))))) - - (program-file "run-command-over-ssh" run))) - (define test (with-imported-modules '((gnu build marionette)) #~(begin @@ -355,21 +358,24 @@ ;; 'uname' command. (marionette-eval '(begin - (use-modules (ice-9 popen)) + (use-modules (ice-9 popen) + (ice-9 textual-ports)) (get-string-all - (open-input-pipe #$(run-command-over-ssh "uname" "-on")))) + (open-input-pipe #$(run-command-over-ssh '("uname" "-on"))))) marionette)) (test-assert "guix-daemon up and running" (let ((drv (marionette-eval '(begin - (use-modules (ice-9 popen)) + (use-modules (ice-9 popen) + (ice-9 textual-ports)) (get-string-all (open-input-pipe - #$(run-command-over-ssh "guix" "build" "coreutils" - "--no-grafts" "-d")))) + #$(run-command-over-ssh + '("guix" "build" "coreutils" + "--no-grafts" "-d"))))) marionette))) ;; We cannot compare the .drv with (raw-derivation-file ;; coreutils) on the host: they may differ due to fixed-output 
@@ -415,3 +421,102 @@ "Connect to the GNU/Hurd virtual machine service, aka. a childhurd, making sure that the childhurd boots and runs its SSH server.") (value (run-childhurd-test)))) + + +;;; +;;; Virtual build machine. +;;; + +(define %build-vm-os + (simple-operating-system + (service virtual-build-machine-service-type + (virtual-build-machine + (cpu-count 1) + (memory-size (* 1 1024)))))) + +(define (run-build-vm-test) + (define (import-module? module) + ;; This module is optional and depends on Guile-Gcrypt, do skip it. + (and (guix-module-name? module) + (not (equal? module '(guix store deduplication))))) + + (define os + (marionette-operating-system + %build-vm-os + #:imported-modules (source-module-closure + '((gnu services herd) + (gnu build install)) + #:select? import-module?))) + + (define vm + (virtual-machine + (operating-system os) + (memory-size (* 1024 3)))) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (gnu build marionette) + (srfi srfi-64) + (ice-9 match)) + + (define marionette + ;; Emulate as much as the host CPU supports so that, possibly, KVM + ;; is available inside as well ("nested KVM"), provided + ;; /sys/module/kvm_intel/parameters/nested (or similar) allows it. + (make-marionette (list #$vm "-cpu" "max"))) + + (test-runner-current (system-test-runner #$output)) + (test-begin "build-vm") + + (test-assert "service running" + (marionette-eval + '(begin + (use-modules (gnu services herd) + (ice-9 match)) + + (start-service 'build-vm)) + marionette)) + + (test-assert "guest SSH up and running" + ;; Note: Pass #:peek? #t because due to the way QEMU port + ;; forwarding works, connecting to 11022 always works even if the + ;; 'sshd' service hasn't been started yet in the guest. + (wait-for-tcp-port 11022 marionette + #:peek? #t)) + + (test-assert "copy-on-write store" + ;; Set up a writable store. 
The root partition is already an + ;; overlayfs, which is not suitable as the bottom part of this + ;; additional overlayfs; thus, create a tmpfs for the backing + ;; store. + ;; TODO: Remove this when <virtual-machine> creates a writable + ;; store. + (marionette-eval + '(begin + (use-modules (gnu build install) + (guix build syscalls)) + + (mkdir "/run/writable-store") + (mount "none" "/run/writable-store" "tmpfs") + (mount-cow-store "/run/writable-store" "/backing-store") + (system* "df" "-hT")) + marionette)) + + (test-equal "offloading" + 0 + (marionette-eval + '(and (file-exists? "/etc/guix/machines.scm") + (system* "guix" "offload" "test")) + marionette)) + + (test-end)))) + + (gexp->derivation "build-vm-test" test)) + +(define %test-build-vm + (system-test + (name "build-vm") + (description + "Offload to a virtual build machine over SSH.") + (value (run-build-vm-test)))) |
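Review bot: The "copy-on-write store" check in `run-build-vm-test` ends with `(system* "df" "-hT")` inside `test-assert`, and `system*` returns an integer status, which is always true in Scheme. The assertion thus passes whatever `df` reports. Only an exception from `mkdir`, `mount` or `mount-cow-store` can fail it. If `df` is there only for the log, end the body with `#t` after it; if its status matters, use `(zero? (system* "df" "-hT"))`. The "offloading" test already compares the status with `0`, so the two would then be consistent.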