Diffstat (limited to 'gnu/tests')
-rw-r--r-- | gnu/tests/base.scm | 4 | ||||
-rw-r--r-- | gnu/tests/install.scm | 8 | ||||
-rw-r--r-- | gnu/tests/lightdm.scm | 160 | ||||
-rw-r--r-- | gnu/tests/security.scm | 221 | ||||
-rw-r--r-- | gnu/tests/virtualization.scm | 21 |
5 files changed, 408 insertions, 6 deletions
diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm index 353d6d415a..636b127fb8 100644 --- a/gnu/tests/base.scm +++ b/gnu/tests/base.scm @@ -341,7 +341,7 @@ info --version") (wait-for-screen-text marionette (lambda (text) (string-contains text "Password")) - #:ocrad + #:ocr #$(file-append ocrad "/bin/ocrad")) (marionette-type (string-append password "\n\n") marionette)) @@ -510,7 +510,7 @@ info --version") (test-assert "screen text" (let ((text (marionette-screen-text marionette - #:ocrad + #:ocr #$(file-append ocrad "/bin/ocrad")))) ;; Check whether the welcome message and shell prompt are diff --git a/gnu/tests/install.scm b/gnu/tests/install.scm index fbb97d451c..4e0e274e66 100644 --- a/gnu/tests/install.scm +++ b/gnu/tests/install.scm @@ -784,7 +784,7 @@ to enter the LUKS passphrase." ;; At this point we have no choice but to use OCR to determine ;; when the passphrase should be entered. (wait-for-screen-text #$marionette passphrase-prompt? - #:ocrad #$ocrad) + #:ocr #$ocrad) (marionette-type #$(string-append %luks-passphrase "\n") #$marionette) @@ -792,7 +792,7 @@ to enter the LUKS passphrase." ;; we can then be sure we match the "Enter passphrase" prompt from ;; 'cryptsetup', in the initrd. (wait-for-screen-text #$marionette (negate bios-boot-screen?) - #:ocrad #$ocrad + #:ocr #$ocrad #:timeout 20))) (test-assert "enter LUKS passphrase for the initrd" @@ -800,7 +800,7 @@ to enter the LUKS passphrase." ;; XXX: Here we use OCR as well but we could instead use QEMU ;; '-serial stdio' and run it in an input pipe, (wait-for-screen-text #$marionette passphrase-prompt? - #:ocrad #$ocrad + #:ocr #$ocrad #:timeout 60) (marionette-type #$(string-append %luks-passphrase "\n") #$marionette) 
@@ -999,7 +999,7 @@ launched as a shepherd service." ;; XXX: Here we use OCR as well but we could instead use QEMU ;; '-serial stdio' and run it in an input pipe, (wait-for-screen-text #$marionette passphrase-prompt? - #:ocrad #$ocrad + #:ocr #$ocrad #:timeout 120) (marionette-type #$(string-append %luks-passphrase "\n") #$marionette) diff --git a/gnu/tests/lightdm.scm b/gnu/tests/lightdm.scm new file mode 100644 index 0000000000..431b388e7e --- /dev/null +++ b/gnu/tests/lightdm.scm 
@@ -0,0 +1,160 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2022 Maxim Cournoyer <maxim.cournoyer@gmail.com>. +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +(define-module (gnu tests lightdm) + #:use-module (gnu bootloader) + #:use-module (gnu bootloader grub) + #:use-module (gnu packages) + #:use-module (gnu packages ocr) + #:use-module (gnu packages ratpoison) + #:use-module (gnu packages vnc) + #:use-module (gnu packages xorg) + #:use-module (gnu services) + #:use-module (gnu services base) + #:use-module (gnu services dbus) + #:use-module (gnu services desktop) + #:use-module (gnu services networking) + #:use-module (gnu services lightdm) + #:use-module (gnu services ssh) + #:use-module (gnu services xorg) + #:use-module (gnu system) + #:use-module (gnu system file-systems) + #:use-module (gnu system shadow) + #:use-module (gnu system vm) + #:use-module (gnu tests) + #:use-module (guix gexp) + #:use-module (guix modules) + #:use-module (srfi srfi-1) + #:export (%test-lightdm)) + +(define minimal-desktop-services + (list polkit-wheel-service + (service upower-service-type) + (accountsservice-service) + (service polkit-service-type) + (elogind-service) + (dbus-service) + x11-socket-directory-service)) + +(define %lightdm-os + (operating-system + (inherit %simple-os) + (packages (cons* 
ocrad ratpoison xterm %base-packages)) + (services + (cons* (service lightdm-service-type + (lightdm-configuration + (allow-empty-passwords? #t) + (debug? #t) + (xdmcp? #t) + (vnc-server? #t) + (vnc-server-command + (file-append tigervnc-server "/bin/Xvnc" + " -SecurityTypes None")) + (greeters (list (lightdm-gtk-greeter-configuration + (allow-debugging? #t)))) + (seats (list (lightdm-seat-configuration + (name "*") + (user-session "ratpoison")))))) + + ;; For debugging. + (service dhcp-client-service-type) + (service openssh-service-type + (openssh-configuration + (permit-root-login #t) + (allow-empty-passwords? #t))) + (append minimal-desktop-services + (remove (lambda (service) + (eq? (service-kind service) guix-service-type)) + %base-services)))))) + +(define (run-lightdm-test) + "Run tests in %LIGHTDM-OS." + + (define os (marionette-operating-system + %lightdm-os + #:imported-modules (source-module-closure + '((gnu services herd))))) + + (define vm (virtual-machine os)) + + (define test + (with-imported-modules (source-module-closure + '((gnu build marionette))) + #~(begin + (use-modules (gnu build marionette) + (srfi srfi-26) + (srfi srfi-64)) + + (let ((marionette (make-marionette (list #$vm)))) + + (test-runner-current (system-test-runner #$output)) + (test-begin "lightdm") + + (test-assert "service is running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'lightdm)) + marionette)) + + (test-assert "service can be stopped" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (stop-service 'lightdm)) + marionette)) + + (test-assert "service can be restarted" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (restart-service 'lightdm)) + marionette)) + + (test-assert "login screen is displayed" + ;; GNU Ocrad fails to recognize the "Log In" button text, so use + ;; Tesseract. 
+ (wait-for-screen-text marionette + (cut string-contains <> "Log In") + #:ocr #$(file-append tesseract-ocr + "/bin/tesseract"))) + + (test-assert "can connect to TCP port 5900 on IPv4" + (wait-for-tcp-port 5900 marionette)) + + ;; The VNC server fails to listen to IPv6 due to "Error binding to + ;; address [::]:5900: Address already in use" (see: + ;; https://github.com/canonical/lightdm/issues/266). + (test-expect-fail 1) + (test-assert "can connect to TCP port 5900 on IPv6" + (wait-for-tcp-port 5900 marionette + #:address + `(make-socket-address + AF_INET6 + (inet-pton AF_INET6 "::1") + 5900))) + + (test-end))))) + + (gexp->derivation "lightdm-test" test)) + +(define %test-lightdm + (system-test + (name "lightdm") + (description "Basic tests for the LightDM service.") + (value (run-lightdm-test)))) diff --git a/gnu/tests/security.scm b/gnu/tests/security.scm new file mode 100644 index 0000000000..ca6c857899 --- /dev/null +++ b/gnu/tests/security.scm 
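Review bot: `%lightdm-os` turns on several unauthenticated access paths at once: `Xvnc` with `-SecurityTypes None`, `(xdmcp? #t)`, `(allow-empty-passwords? #t)` for LightDM, and an OpenSSH service with `(permit-root-login #t)` and `(allow-empty-passwords? #t)`. Only the DHCP/OpenSSH pair is marked, with `;; For debugging.`, and none of the assertions visible in `run-lightdm-test` appears to use SSH or DHCP, so I would drop those two services from the committed test. For the remaining settings, a comment above the definition such as `;; Test VM only: authentication is deliberately disabled; do not reuse this configuration.` would keep it from being copied into a real system declaration. The `(test-expect-fail 1)` for the IPv6 check is well documented with the upstream issue link; a note to remove it once that issue is fixed would help.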
@@ -0,0 +1,221 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2022 muradm <mail@muradm.net> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +(define-module (gnu tests security) + #:use-module (guix gexp) + #:use-module (gnu packages admin) + #:use-module (gnu services) + #:use-module (gnu services security) + #:use-module (gnu services ssh) + #:use-module (gnu system) + #:use-module (gnu system vm) + #:use-module (gnu tests) + #:export (%test-fail2ban-basic + %test-fail2ban-extension + %test-fail2ban-simple)) + + +;;; +;;; fail2ban tests +;;; + +(define-syntax-rule (fail2ban-test test-name test-os tests-more ...) 
+ (lambda () + (define os + (marionette-operating-system + test-os + #:imported-modules '((gnu services herd)))) + + (define vm + (virtual-machine + (operating-system os) + (port-forwardings '()))) + + (define test + (with-imported-modules '((gnu build marionette) + (guix build utils)) + #~(begin + (use-modules (srfi srfi-64) + (gnu build marionette)) + + (define marionette (make-marionette (list #$vm))) + + (test-runner-current (system-test-runner #$output)) + (test-begin test-name) + + (test-assert "fail2ban running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'fail2ban)) + marionette)) + + (test-assert "fail2ban socket ready" + (wait-for-unix-socket + "/var/run/fail2ban/fail2ban.sock" marionette)) + + (test-assert "fail2ban running after restart" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (restart-service 'fail2ban)) + marionette)) + + (test-assert "fail2ban socket ready after restart" + (wait-for-unix-socket + "/var/run/fail2ban/fail2ban.sock" marionette)) + + (test-assert "fail2ban pid ready" + (marionette-eval + '(file-exists? "/var/run/fail2ban/fail2ban.pid") + marionette)) + + (test-assert "fail2ban log file" + (marionette-eval + '(file-exists? "/var/log/fail2ban.log") + marionette)) + + tests-more ... 
+ + (test-end)))) + + (gexp->derivation test-name test))) + +(define run-fail2ban-basic-test + (fail2ban-test + "fail2ban-basic-test" + + (simple-operating-system + (service fail2ban-service-type)))) + +(define %test-fail2ban-basic + (system-test + (name "fail2ban-basic") + (description "Test basic fail2ban running capability.") + (value (run-fail2ban-basic-test)))) + +(define %fail2ban-server-cmd + (program-file + "fail2ban-server-cmd" + #~(begin + (let ((cmd #$(file-append fail2ban "/bin/fail2ban-server"))) + (apply execl cmd cmd `("-p" "/var/run/fail2ban/fail2ban.pid" + "-s" "/var/run/fail2ban/fail2ban.sock" + ,@(cdr (program-arguments)))))))) + +(define run-fail2ban-simple-test + (fail2ban-test + "fail2ban-basic-test" + + (simple-operating-system + (service fail2ban-service-type (fail2ban-configuration + (jails (list (fail2ban-jail-configuration + (name "sshd"))))))) + + (test-equal "fail2ban sshd jail running status output" + '("Status for the jail: sshd" + "|- Filter" + "| |- Currently failed:\t0" + "| |- Total failed:\t0" + "| `- File list:\t/var/log/secure" + "`- Actions" + " |- Currently banned:\t0" + " |- Total banned:\t0" + " `- Banned IP list:\t" + "") + (marionette-eval + '(begin + (use-modules (ice-9 rdelim) (ice-9 popen) (rnrs io ports)) + (let ((call-command + (lambda (cmd) + (let* ((err-cons (pipe)) + (port (with-error-to-port (cdr err-cons) + (lambda () (open-input-pipe cmd)))) + (_ (setvbuf (car err-cons) 'block + (* 1024 1024 16))) + (result (read-delimited "" port))) + (close-port (cdr err-cons)) + (values result (read-delimited "" (car err-cons))))))) + (string-split + (call-command + (string-join (list #$%fail2ban-server-cmd "status" "sshd") " ")) + #\newline))) + marionette)) + + (test-equal "fail2ban sshd jail running exit code" + 0 + (marionette-eval + '(status:exit-val (system* #$%fail2ban-server-cmd "status" "sshd")) + marionette)))) + +(define %test-fail2ban-simple + (system-test + (name "fail2ban-simple") + (description "Test simple 
fail2ban running capability.") + (value (run-fail2ban-simple-test)))) + +(define run-fail2ban-extension-test + (fail2ban-test + "fail2ban-extension-test" + + (simple-operating-system + (service (fail2ban-jail-service openssh-service-type (fail2ban-jail-configuration + (name "sshd") (enabled? #t))) + (openssh-configuration))) + + (test-equal "fail2ban sshd jail running status output" + '("Status for the jail: sshd" + "|- Filter" + "| |- Currently failed:\t0" + "| |- Total failed:\t0" + "| `- File list:\t/var/log/secure" + "`- Actions" + " |- Currently banned:\t0" + " |- Total banned:\t0" + " `- Banned IP list:\t" + "") + (marionette-eval + '(begin + (use-modules (ice-9 rdelim) (ice-9 popen) (rnrs io ports)) + (let ((call-command + (lambda (cmd) + (let* ((err-cons (pipe)) + (port (with-error-to-port (cdr err-cons) + (lambda () (open-input-pipe cmd)))) + (_ (setvbuf (car err-cons) 'block + (* 1024 1024 16))) + (result (read-delimited "" port))) + (close-port (cdr err-cons)) + (values result (read-delimited "" (car err-cons))))))) + (string-split + (call-command + (string-join (list #$%fail2ban-server-cmd "status" "sshd") " ")) + #\newline))) + marionette)) + + (test-equal "fail2ban sshd jail running exit code" + 0 + (marionette-eval + '(status:exit-val (system* #$%fail2ban-server-cmd "status" "sshd")) + marionette)))) + +(define %test-fail2ban-extension + (system-test + (name "fail2ban-extension") + (description "Test extension fail2ban running capability.") + (value (run-fail2ban-extension-test)))) diff --git a/gnu/tests/virtualization.scm b/gnu/tests/virtualization.scm index 4bd56e5d9d..60789fbb5b 100644 --- a/gnu/tests/virtualization.scm +++ b/gnu/tests/virtualization.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2020-2022 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org> ;;; Copyright © 2021 Pierre Langlois <pierre.langlois@gmx.com> +;;; Copyright © 2022 Marius Bakke <marius@gnu.org> ;;; ;;; This file is part of GNU Guix. ;;; 
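Review bot: `run-fail2ban-simple-test` passes `"fail2ban-basic-test"` as its test name, the same string `run-fail2ban-basic-test` uses, so the `test-begin` label and the `gexp->derivation` name of the two tests coincide. This looks like a copy-paste slip and should read `"fail2ban-simple-test"`. The status-output and exit-code assertions are also duplicated verbatim between the simple and extension tests, including the `call-command` lambda; lifting them into one shared definition would keep the two from drifting. Both status assertions only check the idle state (zero failed, zero banned), so nothing here verifies that a failed login is counted or that a ban is applied; a comment saying so, or a follow-up test, would make that gap explicit.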
@@ -106,6 +107,26 @@ "-c" "qemu:///system" "connect")) marionette)) + (test-eq "create default network" + 0 + (marionette-eval + '(begin + (chdir "/tmp") + (system* #$(file-append libvirt "/bin/virsh") + "-c" "qemu:///system" "net-define" + #$(file-append libvirt + "/etc/libvirt/qemu/networks/default.xml"))) + marionette)) + + (test-eq "start default network" + 0 + (marionette-eval + '(begin + (chdir "/tmp") + (system* #$(file-append libvirt "/bin/virsh") + "-c" "qemu:///system" "net-start" "default")) + marionette)) + (test-end)))) (gexp->derivation "libvirt-test" test)) |
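Review bot: The two new assertions compare the raw return value of `system*` with 0, while security.scm in this same commit wraps it as `(status:exit-val (system* ...))`. Using the same form here would make a failing run report the exit code rather than a wait status, and keeps the test files consistent. The `(chdir "/tmp")` before each `virsh` call is unexplained; a one-line comment saying why the working directory matters would help the next reader. The enclosing test body starts outside this hunk.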