Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nixosTests.hardened: port to python #76708

Closed
wants to merge 1 commit into from
Closed

nixosTests.hardened: port to python #76708

wants to merge 1 commit into from

Conversation

Br1ght0ne
Copy link
Member

@Br1ght0ne Br1ght0ne commented Dec 30, 2019
edited
Loading

Motivation for this change

#72828

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

cc @joachifm

This change is Reviewable

@Br1ght0ne Br1ght0ne requested a review from joachifm as a code owner December 30, 2019 16:12
@ofborg ofborg bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux labels Dec 30, 2019
@joachifm
Copy link
Contributor

@GrahamcOfBorg test hardened

@joachifm
Copy link
Contributor

joachifm commented Jan 1, 2020

The test seems to fail. Is that expected?

@Br1ght0ne
Copy link
Member Author

@joachifm I had the original Perl test fail too. Don't know for sure.

@joachifm
Copy link
Contributor

joachifm commented Jan 3, 2020

@filalex77 the test seems to pass on Hydra. I'm curious what accounts for the difference, any idea? If you're reasonably sure this won't introduce a regression, I'm happy to defer to your judgement. The change LGTM (though I'm out-of-the loop wrt why tests are being ported to begin with).

tfc
tfc reviewed Jan 8, 2020
View reviewed changes
nixos/tests/hardened.nix Outdated

# Test hidepid
subtest "hidepid", sub {
$machine->succeed("grep -Fq hidepid=2 /proc/mounts");
with subtest("hidepid"):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it would be cool if all subtest titles would be at least short sentences that describe your high-level expectation, instead of containing just one word.

@tfc
Copy link
Contributor

tfc commented Jan 14, 2020

Hey @filalex77, what's the state of this?

@Br1ght0ne
Copy link
Member Author

@tfc Got a bit busy. Will fix it soon, thanks for reminding!

@tfc tfc mentioned this pull request Jan 26, 2020
Closed
@worldofpeace worldofpeace added this to the 20.03 milestone Jan 31, 2020
@worldofpeace
Copy link
Contributor

Ping @filalex77. Btw, the testing driver was improved so you don't have to dig into the log for the exact failing subtest.

@disassembler disassembler modified the milestones: 20.03, 20.09 Feb 5, 2020
@Br1ght0ne Br1ght0ne force-pushed the nixosTests.hardened-python branch from 1e92c54 to 36f98d5 Compare March 27, 2020 13:53
@Br1ght0ne
Copy link
Member Author

Doesn't start on my machine (probably issue with KVM on my machine).
@GrahamcOfBorg test hardened

@flokli
Copy link
Contributor

flokli commented May 14, 2020

Can this be rebased on current master?

@flokli flokli force-pushed the nixosTests.hardened-python branch from 36f98d5 to 462ce60 Compare August 14, 2020 18:04
@flokli
Copy link
Contributor

flokli commented Aug 14, 2020

I rebased to latest master. For some reason, the "nix-daemon usage" subtest currently seems to fail. @filalex77, any idea?

@flokli flokli closed this in 540c033 Aug 23, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tfc tfc tfc left review comments

@joachifm joachifm joachifm approved these changes

Assignees
No one assigned
Labels
6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux
Projects
None yet
Milestone
20.09
Development

Successfully merging this pull request may close these issues.
6 participants
@Br1ght0ne @joachifm @tfc @worldofpeace @flokli @disassembler