1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
| | ;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2024 Giacomo Leidi <goodoldpaul@autistici.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu tests shadow)
#:use-module (gnu packages base)
#:use-module (gnu tests)
#:use-module (gnu services)
#:use-module (gnu system)
#:use-module (gnu system accounts)
#:use-module (gnu system shadow)
#:use-module (gnu system vm)
#:use-module (guix gexp)
#:export (%test-subids))
\f
(define %subids-os
(simple-operating-system
(simple-service
'simple-subids
subids-service-type
(subids-extension
(subgids
(list
(subid-range
(name "alice"))
(subid-range
(name "bob")
(start 100700))))
(subuids
(list
(subid-range
(name "alice"))))))))
(define (run-subids-test)
"Run IMAGE as an OCI backed Shepherd service, inside OS."
(define os
(marionette-operating-system
(operating-system-with-gc-roots
%subids-os
(list))
#:imported-modules '((gnu services herd)
(guix combinators))))
(define vm
(virtual-machine
(operating-system os)
(volatile? #f)
(memory-size 1024)
(disk-image-size (* 3000 (expt 2 20)))
(port-forwardings '())))
(define test
(with-imported-modules '((gnu build marionette))
#~(begin
(use-modules (srfi srfi-11) (srfi srfi-64)
(gnu build marionette))
(define marionette
;; Relax timeout to accommodate older systems and
;; allow for pulling the image.
(make-marionette (list #$vm) #:timeout 60))
(test-runner-current (system-test-runner #$output))
(test-begin "subids")
(test-equal "/etc/subid and /etc/subgid are created and their content is sound"
'("root:100000:700\nbob:100700:65536\nalice:166236:65536"
"root:100000:65536\nalice:165536:65536")
(marionette-eval
`(begin
(use-modules (ice-9 popen)
(ice-9 match)
(ice-9 rdelim))
(define (read-lines file-or-port)
(define (loop-lines port)
(let loop ((lines '()))
(match (read-line port)
((? eof-object?)
(reverse lines))
(line
(loop (cons line lines))))))
(if (port? file-or-port)
(loop-lines file-or-port)
(call-with-input-file file-or-port
loop-lines)))
(define slurp
(lambda args
(let* ((port (apply open-pipe* OPEN_READ args))
(output (read-lines port))
(status (close-pipe port)))
output)))
(let* ((response1 (slurp
,(string-append #$coreutils "/bin/cat")
"/etc/subgid"))
(response2 (slurp
,(string-append #$coreutils "/bin/cat")
"/etc/subuid")))
(list (string-join response1 "\n") (string-join response2 "\n"))))
marionette))
(test-end))))
(gexp->derivation "subids-test" test))
(define %test-subids
(system-test
(name "subids")
(description "Test sub UIDs and sub GIDs provisioning service.")
(value (run-subids-test))))
|