Merge pull request #70352 from wucke13/systemd-importd
systemd: add systemd-importd
c3566c7a4f
@ -63,6 +63,7 @@ let
|
||||
"systemd-logind.service"
|
||||
"autovt@.service"
|
||||
"systemd-user-sessions.service"
|
||||
"dbus-org.freedesktop.import1.service"
|
||||
"dbus-org.freedesktop.machine1.service"
|
||||
"user@.service"
|
||||
"user-runtime-dir@.service"
|
||||
@ -145,6 +146,7 @@ let
|
||||
"user.slice"
|
||||
"machine.slice"
|
||||
"machines.target"
|
||||
"systemd-importd.service"
|
||||
"systemd-machined.service"
|
||||
"systemd-nspawn@.service"
|
||||
|
||||
|
@ -274,6 +274,7 @@ in
|
||||
systemd-confinement = handleTest ./systemd-confinement.nix {};
|
||||
systemd-timesyncd = handleTest ./systemd-timesyncd.nix {};
|
||||
systemd-networkd-wireguard = handleTest ./systemd-networkd-wireguard.nix {};
|
||||
systemd-nspawn = handleTest ./systemd-nspawn.nix {};
|
||||
pdns-recursor = handleTest ./pdns-recursor.nix {};
|
||||
taskserver = handleTest ./taskserver.nix {};
|
||||
telegraf = handleTest ./telegraf.nix {};
|
||||
|
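--- /dev/null
+++ b/nixos/tests/systemd-nspawn.nix
@@ -0,0 +1,58 @@
+import ./make-test.nix ({pkgs, lib, ...}:
+let
+gpgKeyring = (pkgs.runCommand "gpg-keyring" { buildInputs = [ pkgs.gnupg ]; } ''
+mkdir -p $out
+export GNUPGHOME=$out
+cat > foo <<EOF
+%echo Generating a basic OpenPGP key
+%no-protection
+Key-Type: DSA
+Key-Length: 1024
+Subkey-Type: ELG-E
+Subkey-Length: 1024
+Name-Real: Joe Tester
+Name-Email: joe@foo.bar
+Expire-Date: 0
+# Do a commit here, so that we can later print "done"
+%commit
+%echo done
+EOF
+gpg --batch --generate-key foo
+rm $out/S.gpg-agent $out/S.gpg-agent.*
+gpg --export joe@foo.bar -a > $out/pubkey.gpg
+'');
+
+nspawnImages = (pkgs.runCommand "localhost" { buildInputs = [ pkgs.coreutils pkgs.gnupg ]; } ''
+mkdir -p $out
+cd $out
+dd if=/dev/urandom of=$out/testimage.raw bs=$((1024*1024+7)) count=5
+sha256sum testimage.raw > SHA256SUMS
+export GNUPGHOME="$(mktemp -d)"
+cp -R ${gpgKeyring}/* $GNUPGHOME
+gpg --batch --sign --detach-sign --output SHA256SUMS.gpg SHA256SUMS
+'');
+in {
+name = "opensmtpd";
+
+nodes = {
+server = { pkgs, ... }: {
+networking.firewall.allowedTCPPorts = [ 80 ];
+services.nginx = {
+enable = true;
+virtualHosts."server".root = nspawnImages;
+};
+};
+client = { pkgs, ... }: {
+environment.etc."systemd/import-pubring.gpg".source = "${gpgKeyring}/pubkey.gpg";
+};
+};
+
+testScript = ''
+startAll;
+
+$server->waitForUnit("nginx.service");
+$client->waitForUnit("network-online.target");
+$client->succeed("machinectl pull-raw --verify=signature http://server/testimage.raw");
+$client->succeed("cmp /var/lib/machines/testimage.raw ${nspawnImages}/testimage.raw");
+'';
+})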
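Review bot: `name = "opensmtpd";` at the top of the returned attribute set looks like a copy-paste leftover from another test and should read `name = "systemd-nspawn";` to match the file and the all-tests entry. Beyond that, the test only exercises the positive path: a `pull-raw --verify=signature` that succeeds would also succeed if verification were silently a no-op, so nothing here demonstrates that the pinned gpg ever rejects an image. Serving a second file that is absent from the signed SHA256SUMS, e.g. `dd if=/dev/urandom of=$out/unsigned.raw bs=1M count=1` in nspawnImages, and asserting `$client->fail("machinectl pull-raw --verify=signature http://server/unsigned.raw");` in testScript would pin the rejection, provided pull-raw refuses a file missing from the manifest as I believe it does. The 1024-bit DSA/ELG-E key is acceptable as a fixture but deserves a line such as `# deliberately small key: test fixture only, not a recommendation` next to Key-Length so it is not copied elsewhere.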
@ -1,5 +1,5 @@
|
||||
{ stdenv, lib, fetchFromGitHub, fetchpatch, pkgconfig, intltool, gperf, libcap, kmod
|
||||
, xz, pam, acl, libuuid, m4, utillinux, libffi
|
||||
{ stdenv, lib, fetchFromGitHub, fetchpatch, pkgconfig, intltool, gperf, libcap
|
||||
, curl, kmod, gnupg, gnutar, xz, pam, acl, libuuid, m4, utillinux, libffi
|
||||
, glib, kbd, libxslt, coreutils, libgcrypt, libgpgerror, libidn2, libapparmor
|
||||
, audit, lz4, bzip2, libmicrohttpd, pcre2
|
||||
, linuxHeaders ? stdenv.cc.libc.linuxHeaders
|
||||
@ -15,7 +15,21 @@
|
||||
, withKexectools ? lib.any (lib.meta.platformMatch stdenv.hostPlatform) kexectools.meta.platforms, kexectools
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation {
|
||||
let gnupg-minimal = gnupg.override {
|
||||
enableMinimal = true;
|
||||
guiSupport = false;
|
||||
pcsclite = null;
|
||||
sqlite = null;
|
||||
pinentry = null;
|
||||
adns = null;
|
||||
gnutls = null;
|
||||
libusb = null;
|
||||
openldap = null;
|
||||
readline = null;
|
||||
zlib = null;
|
||||
bzip2 = null;
|
||||
};
|
||||
in stdenv.mkDerivation {
|
||||
version = "243";
|
||||
pname = "systemd";
|
||||
|
||||
@ -41,7 +55,7 @@ stdenv.mkDerivation {
|
||||
(buildPackages.python3Packages.python.withPackages ( ps: with ps; [ python3Packages.lxml ]))
|
||||
];
|
||||
buildInputs =
|
||||
[ linuxHeaders libcap kmod xz pam acl
|
||||
[ linuxHeaders libcap curl.dev kmod xz pam acl
|
||||
/* cryptsetup */ libuuid glib libgcrypt libgpgerror libidn2
|
||||
libmicrohttpd pcre2 ] ++
|
||||
stdenv.lib.optional withKexectools kexectools ++
|
||||
@ -67,6 +81,7 @@ stdenv.mkDerivation {
|
||||
"-Ddebug-shell=${bashInteractive}/bin/bash"
|
||||
# while we do not run tests we should also not build them. Removes about 600 targets
|
||||
"-Dtests=false"
|
||||
"-Dimportd=true"
|
||||
"-Dlz4=true"
|
||||
"-Dhostnamed=true"
|
||||
"-Dnetworkd=true"
|
||||
@ -77,7 +92,7 @@ stdenv.mkDerivation {
|
||||
"-Dlocaled=true"
|
||||
"-Dresolve=true"
|
||||
"-Dsplit-usr=false"
|
||||
"-Dlibcurl=false"
|
||||
"-Dlibcurl=true"
|
||||
"-Dlibidn=false"
|
||||
"-Dlibidn2=true"
|
||||
"-Dquotacheck=false"
|
||||
@ -144,6 +159,14 @@ stdenv.mkDerivation {
|
||||
patchShebangs $dir
|
||||
done
|
||||
|
||||
# absolute paths to gpg & tar
|
||||
substituteInPlace src/import/pull-common.c \
|
||||
--replace '"gpg"' '"${gnupg-minimal}/bin/gpg"'
|
||||
for file in src/import/{{export,import,pull}-tar,import-common}.c; do
|
||||
substituteInPlace $file \
|
||||
--replace '"tar"' '"${gnutar}/bin/tar"'
|
||||
done
|
||||
|
||||
substituteInPlace src/journal/catalog.c \
|
||||
--replace /usr/lib/systemd/catalog/ $out/lib/systemd/catalog/
|
||||
'';
|
||||
|
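Review bot: The gpg path substitution in the postPatch hunk (`--replace '"gpg"' '"${gnupg-minimal}/bin/gpg"'`) is never checked, so a later systemd update that changes the literal in src/import/pull-common.c would leave importd executing whatever `gpg` it finds on PATH at runtime, silently undoing the pinning — substituteInPlace, as far as I know, does not fail when its pattern is absent. A build-time assertion after the loop makes that visible: `grep -q '${gnupg-minimal}/bin/gpg' src/import/pull-common.c`. The same applies to the tar rewrite, e.g. `grep -q '${gnutar}/bin/tar' src/import/import-common.c`. The enclosing postPatch string begins before this hunk.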
@ -1,17 +1,17 @@
|
||||
{ fetchurl, fetchpatch, stdenv, pkgconfig, libgcrypt, libassuan, libksba
|
||||
, libgpgerror, libiconv, npth, gettext, texinfo, pcsclite, sqlite
|
||||
, buildPackages
|
||||
, libgpgerror, libiconv, npth, gettext, texinfo, buildPackages
|
||||
|
||||
# Each of the dependencies below are optional.
|
||||
# Gnupg can be built without them at the cost of reduced functionality.
|
||||
, pinentry ? null, guiSupport ? false
|
||||
, adns ? null, gnutls ? null, libusb ? null, openldap ? null
|
||||
, readline ? null, zlib ? null, bzip2 ? null
|
||||
, guiSupport ? true, enableMinimal ? false
|
||||
, adns ? null , bzip2 ? null , gnutls ? null , libusb ? null , openldap ? null
|
||||
, pcsclite ? null , pinentry ? null , readline ? null , sqlite ? null , zlib ?
|
||||
null
|
||||
}:
|
||||
|
||||
with stdenv.lib;
|
||||
|
||||
assert guiSupport -> pinentry != null;
|
||||
assert guiSupport -> pinentry != null && enableMinimal == false;
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "gnupg";
|
||||
@ -37,7 +37,7 @@ stdenv.mkDerivation rec {
|
||||
postPatch = ''
|
||||
sed -i 's,hkps://hkps.pool.sks-keyservers.net,hkps://keys.openpgp.org,g' \
|
||||
configure doc/dirmngr.texi doc/gnupg.info-1
|
||||
'' + stdenv.lib.optionalString stdenv.isLinux ''
|
||||
'' + stdenv.lib.optionalString ( stdenv.isLinux && pcsclite != null) ''
|
||||
sed -i 's,"libpcsclite\.so[^"]*","${stdenv.lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c
|
||||
''; #" fix Emacs syntax highlighting :-(
|
||||
|
||||
@ -50,7 +50,14 @@ stdenv.mkDerivation rec {
|
||||
"--with-npth-prefix=${npth}"
|
||||
] ++ optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}";
|
||||
|
||||
postInstall = ''
|
||||
postInstall = if enableMinimal
|
||||
then ''
|
||||
rm -r $out/{libexec,sbin,share}
|
||||
for f in `find $out/bin -type f -not -name gpg`
|
||||
do
|
||||
rm $f
|
||||
done
|
||||
'' else ''
|
||||
mkdir -p $out/lib/systemd/user
|
||||
for f in doc/examples/systemd-user/*.{service,socket} ; do
|
||||
substitute $f $out/lib/systemd/user/$(basename $f) \
|
||||
|