Subject: [bug#56608] [PATCH v2 2/2] gnu: tests: Add fail2ban tests.
From: muradm
To: Maxim Cournoyer
Cc: 56608@debbugs.gnu.org
Date: Tue, 23 Aug 2022 21:51:57 +0300
In-reply-to: <87edx8gkhm.fsf@gmail.com>
References: <87edxxqpg3.fsf@gmail.com> <20220822172607.31515-1-mail@muradm.net> <20220822172607.31515-3-mail@muradm.net> <87edx8gkhm.fsf@gmail.com>
Message-ID: <87r116ybj4.fsf@muradm.net>

Hi,

Squashed patch will come later on.

Maxim Cournoyer writes:

> Hi,
>
> muradm writes:
>
> [...]
>
>> --- /dev/null
>> +++ b/gnu/tests/security.scm
>
> I'd keep the tests with the introductory commit (squashed in preceding
> one).
>

Done.

[...]

>> +(define (run-fail2ban-basic-test)
>> +
>> + (define os
>> + (marionette-operating-system
>> + (simple-operating-system
>> + (service fail2ban-service-type))
>> + #:imported-modules '((gnu services herd)
>> + (guix combinators))))
> ^ (guix combinators) seems unused
>

Done including other places.

>> + (define vm
>> + (virtual-machine
>> + (operating-system os)
>> + (port-forwardings '())))
>
> (define vm (virtual-machine (operating-system os))) should be
> sufficient.
>

For me it does not work without specifying port-forwardings. I get
a weird error like the following:

  gnu/tests/security.scm:47:5: error: os: invalid field specifier

I suppose it is something to do with virtual-machine. So I'm leaving
port-forwardings as is.

[...]

>> + (define (wait-for-unix-socket-m socket)
>> + (wait-for-unix-socket socket marionette))
>
> Overkill as used once in scope.
>

Done including other places.

>> +
>> + (test-runner-current (system-test-runner #$output))
>> + (test-begin "fail2ban-basic-test")
>> +
>> + (test-assert "fail2ban running"
>> + (marionette-eval
>> + '(begin
>> + (use-modules (gnu services herd))
>> + (start-service 'fail2ban))
>> + marionette))
>
> I like to test that services can be restarted too, as in my experience
> there can be races and other situations that may cause them to fail
> restarting.
>

Done.

[...]

>> + (test-equal "fail2ban sshd jail running"
>> + '("Status for the jail: sshd"
>> + "|- Filter"
>> + "| |- Currently failed:\t0"
>> + "| |- Total failed:\t0"
>> + "| `- File list:\t/var/log/secure"
>> + "`- Actions"
>> + " |- Currently banned:\t0"
>> + " |- Total banned:\t0"
>> + " `- Banned IP list:\t"
>> + "")
>> + (marionette-eval
>> + '(begin
>> + (use-modules (ice-9 rdelim) (ice-9 popen)
>> (rnrs io ports))
>> + (let ((call-command
>> + (lambda (cmd)
>> + (let* ((err-cons (pipe))
>> + (port (with-error-to-port (cdr
>> err-cons)
>> + (lambda ()
>> (open-input-pipe cmd))))
>> + (_ (setvbuf (car err-cons)
>> 'block
>> + (* 1024 1024 16)))
>> + (result (read-delimited ""
>> port)))
>> + (close-port (cdr err-cons))
>> + (values result (read-delimited ""
>> (car err-cons)))))))
>> + (string-split
>> + (call-command
>> + (string-join (list #$%fail2ban-server-cmd
>> "status" "sshd") " "))
>> + #\newline)))
>> + marionette))
>
> Perhaps this could be turned into a Shepherd action, and the Guile
> procedure could do the above to return the text output; to simplify the
> test and reduce boilerplate, while providing value to the user.
>

[...]

>> + (gexp->derivation "fail2ban-extending-test" test))
>> +
>> +(define %test-fail2ban-extending
>
> Perhaps %test-fail2ban-extension ?

Done, s/extending/extension/.

> Otherwise, that last test seems to test exactly the same things as the
> preceding one, so there should be a procedure to generate the test,
> taking the OS as an argument to avoid code duplication.
>

Done, refactored with define-syntax-rule.

> Thanks for working on this!
>
> Maxim
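
Review bot: In the "fail2ban sshd jail running" test, call-command never checks whether the status command succeeded, and the stderr text it collects is thrown away. The port returned by (open-input-pipe cmd) is read with read-delimited but never handed to close-pipe, so the exit status is not collected, and the second value of (values result ...) is dropped because the result is passed straight to string-split. When the client fails, the test will only show a mismatch against the expected list, with no hint of why. I would call close-pipe on the port and assert a zero status, and either drop the err-cons plumbing or make the captured stderr part of what the test reports. Separately, the expected list pins the whole status text, including "File list:\t/var/log/secure", so the test is tied to the exact output format and to the sshd jail's log path; comparing only the jail name and the banned count would be less brittle.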