From 820cc72b52b961220fe862b74d42f27ce8c8b2da Mon Sep 17 00:00:00 2001 From: Graham Christensen Date: Tue, 2 Mar 2021 00:57:17 -0800 Subject: [PATCH 1/2] ssm-agent: 2.3.1319.0 -> 3.0.755.0 Co-authored-by: Cole Helbling --- ...C-tests-that-fail-in-the-Nix-sandbox.patch | 44 +++++++ ...-gen-don-t-use-unnecessary-constants.patch | 46 ++++++++ .../networking/cluster/ssm-agent/default.nix | 108 +++++++++++------- 3 files changed, 159 insertions(+), 39 deletions(-) create mode 100644 pkgs/applications/networking/cluster/ssm-agent/0001-Disable-NIC-tests-that-fail-in-the-Nix-sandbox.patch create mode 100644 pkgs/applications/networking/cluster/ssm-agent/0002-version-gen-don-t-use-unnecessary-constants.patch diff --git a/pkgs/applications/networking/cluster/ssm-agent/0001-Disable-NIC-tests-that-fail-in-the-Nix-sandbox.patch b/pkgs/applications/networking/cluster/ssm-agent/0001-Disable-NIC-tests-that-fail-in-the-Nix-sandbox.patch new file mode 100644 index 000000000000..364f7653efa3 --- /dev/null +++ b/pkgs/applications/networking/cluster/ssm-agent/0001-Disable-NIC-tests-that-fail-in-the-Nix-sandbox.patch @@ -0,0 +1,44 @@ +From bea6307ec2a77d90d59c13940381d73ec0f05b70 Mon Sep 17 00:00:00 2001 +From: Graham Christensen +Date: Mon, 1 Mar 2021 10:57:44 -0500 +Subject: [PATCH] Disable NIC tests that fail in the Nix sandbox. + +--- + agent/managedInstances/fingerprint/fingerprint_integ_test.go | 2 ++ + agent/ssm/service_test.go | 1 + + 2 files changed, 3 insertions(+) + +diff --git a/agent/managedInstances/fingerprint/fingerprint_integ_test.go b/agent/managedInstances/fingerprint/fingerprint_integ_test.go +index a1f969ff..631ea1f5 100644 +--- a/agent/managedInstances/fingerprint/fingerprint_integ_test.go ++++ b/agent/managedInstances/fingerprint/fingerprint_integ_test.go +@@ -28,12 +28,14 @@ func TestHostnameInfo(t *testing.T) { + } + + func TestPrimaryIpInfo(t *testing.T) { ++ t.Skip("The Nix build sandbox has no non-loopback IPs, causing this test to fail."); + ip, err := primaryIpInfo() + assert.NoError(t, err, "expected no error fetching the primary ip") + assert.NotEmpty(t, ip, "expected to fetch primary ip") + } + + func TestMacAddrInfo(t *testing.T) { ++ t.Skip("The Nix build sandbox has no non-loopback interfaces, causing this test to fail."); + mac, err := macAddrInfo() + assert.NoError(t, err, "expected no error fetching the mac addr") + assert.NotEmpty(t, mac, "expected to fetch mac address") +diff --git a/agent/ssm/service_test.go b/agent/ssm/service_test.go +index f4b34f83..d8216dba 100644 +--- a/agent/ssm/service_test.go ++++ b/agent/ssm/service_test.go +@@ -85,6 +85,7 @@ func (suite *SsmServiceTestSuite) TestUpdateEmptyInstanceInformation() { + // Test function for update instance information + // This function update the agent name, agent statuc, and agent version. + func (suite *SsmServiceTestSuite) TestUpdateInstanceInformation() { ++ suite.T().Skip("The Nix build sandbox has no interfaces for IP and MAC address reports."); + // Give mock value to test UpdateInstanceInformation, assert the error is nil, assert the log.Debug function get called. + response, err := suite.sdkService.UpdateInstanceInformation(suite.logMock, "2.2.3.2", "active", "Amazon-ssm-agent") + assert.Nil(suite.T(), err, "Err should be nil") +-- +2.29.2 + diff --git a/pkgs/applications/networking/cluster/ssm-agent/0002-version-gen-don-t-use-unnecessary-constants.patch b/pkgs/applications/networking/cluster/ssm-agent/0002-version-gen-don-t-use-unnecessary-constants.patch new file mode 100644 index 000000000000..234e510d3d17 --- /dev/null +++ b/pkgs/applications/networking/cluster/ssm-agent/0002-version-gen-don-t-use-unnecessary-constants.patch @@ -0,0 +1,46 @@ +From 473e3f8544915a35b3a45c548743978b34e5310e Mon Sep 17 00:00:00 2001 +From: Cole Helbling +Date: Tue, 2 Mar 2021 00:24:00 -0800 +Subject: [PATCH] version-gen: don't use unnecessary constants + +This prevents the tool from being built with Nix, because this project +doesn't use Go modules (or something; I'm not really familiar with Go, +much less Go + Nix). +--- + agent/version/versiongenerator/version-gen.go | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/agent/version/versiongenerator/version-gen.go b/agent/version/versiongenerator/version-gen.go +index d710effc..55c9a001 100644 +--- a/agent/version/versiongenerator/version-gen.go ++++ b/agent/version/versiongenerator/version-gen.go +@@ -22,8 +22,6 @@ import ( + "path/filepath" + "strings" + "text/template" +- +- "github.com/aws/amazon-ssm-agent/agent/appconfig" + ) + + const versiongoTemplate = `// This is an autogenerated file and should not be edited. +@@ -59,7 +57,7 @@ func main() { + versionStr := strings.TrimSpace(string(versionContent)) + + fmt.Printf("Agent Version: %v", versionStr) +- if err := ioutil.WriteFile(filepath.Join("VERSION"), []byte(versionStr), appconfig.ReadWriteAccess); err != nil { ++ if err := ioutil.WriteFile(filepath.Join("VERSION"), []byte(versionStr), 0600); err != nil { + log.Fatalf("Error writing to VERSION file. %v", err) + } + +@@ -108,7 +106,7 @@ func main() { + + releaseNoteOutFile := strings.Join(releaseNoteLines, "\n") + +- if err = ioutil.WriteFile(filepath.Join(releaseNotesFile), []byte(releaseNoteOutFile), appconfig.ReadWriteAccess); err != nil { ++ if err = ioutil.WriteFile(filepath.Join(releaseNotesFile), []byte(releaseNoteOutFile), 0600); err != nil { + log.Fatalf("Error writing to RELEASENOTES.md file. %v", err) + } + +-- +2.30.0 + diff --git a/pkgs/applications/networking/cluster/ssm-agent/default.nix b/pkgs/applications/networking/cluster/ssm-agent/default.nix index b042f8ff15f3..9b9e57ca3335 100644 --- a/pkgs/applications/networking/cluster/ssm-agent/default.nix +++ b/pkgs/applications/networking/cluster/ssm-agent/default.nix @@ -1,63 +1,93 @@ -{ lib, fetchFromGitHub, buildGoPackage, bash, makeWrapper }: +{ lib +, writeShellScriptBin +, buildGoPackage +, makeWrapper +, fetchFromGitHub +, coreutils +, nettools +, dmidecode +, util-linux +, bashInteractive +}: +let + # The SSM agent doesn't pay attention to our /etc/os-release yet, and the lsb-release tool + # in nixpkgs doesn't seem to work properly on NixOS, so let's just fake the two fields SSM + # looks for. See https://github.com/aws/amazon-ssm-agent/issues/38 for upstream fix. + fake-lsb-release = writeShellScriptBin "lsb_release" '' + . /etc/os-release || true + + case "$1" in + -i) echo "''${NAME:-unknown}";; + -r) echo "''${VERSION:-unknown}";; + esac + ''; +in buildGoPackage rec { - pname = "amazon-ssm-agent"; - version = "2.3.1319.0"; + pname = "amazon-ssm-agent"; + version = "3.0.755.0"; goPackagePath = "github.com/aws/${pname}"; - subPackages = [ - "agent" - "agent/framework/processor/executer/outofproc/worker" - "agent/framework/processor/executer/outofproc/worker" - "agent/framework/processor/executer/outofproc/sessionworker" - "agent/session/logging" - "agent/cli-main" - ]; nativeBuildInputs = [ makeWrapper ]; src = fetchFromGitHub { - rev = version; - owner = "aws"; - repo = pname; - sha256 = "1yiyhj7ckqa32b1rnbwn7zx89rsj00m5imn1xlpsw002ywxsxbnv"; + rev = version; + owner = "aws"; + repo = "amazon-ssm-agent"; + hash = "sha256-yVQJL1MJ1JlAndlrXfEbNLQihlbLhSoQXTKzJMRzhao="; }; - preBuild = '' - mv go/src/${goPackagePath}/vendor strange-vendor - mv strange-vendor/src go/src/${goPackagePath}/vendor + patches = [ + # Some tests use networking, so we skip them. + ./0001-Disable-NIC-tests-that-fail-in-the-Nix-sandbox.patch - cd go/src/${goPackagePath} - echo ${version} > VERSION + # They used constants from another package that I couldn't figure + # out how to resolve, so hardcoded the constants. + ./0002-version-gen-don-t-use-unnecessary-constants.patch + ]; - substituteInPlace agent/plugins/inventory/gatherers/application/dataProvider.go \ - --replace '"github.com/aws/amazon-ssm-agent/agent/plugins/configurepackage/localpackages"' "" + configurePhase = '' + export HOME=$(mktemp -d) - go run agent/version/versiongenerator/version-gen.go - substituteInPlace agent/appconfig/constants_unix.go \ - --replace /usr/bin/ssm-document-worker $bin/bin/ssm-document-worker \ - --replace /usr/bin/ssm-session-worker $bin/bin/ssm-session-worker \ - --replace /usr/bin/ssm-session-logger $bin/bin/ssm-session-logger - cd - + printf "#!/bin/sh\ntrue" > ./Tools/src/checkstyle.sh + + substituteInPlace agent/platform/platform_unix.go \ + --replace "/usr/bin/uname" "${coreutils}/bin/uname" \ + --replace '"/bin", "hostname"' '"${nettools}/bin/hostname"' \ + --replace '"lsb_release"' '"${fake-lsb-release}/bin/lsb_release"' + + substituteInPlace agent/managedInstances/fingerprint/hardwareInfo_unix.go \ + --replace /usr/sbin/dmidecode ${dmidecode}/bin/dmidecode + + substituteInPlace agent/session/shell/shell_unix.go \ + --replace '"script"' '"${util-linux}/bin/script"' + + # Note: if this step fails, please patch the code to fix it! Please only skip + # tests if it is not feasible for the test to pass in a sandbox. + make quick-integtest + + echo "${version}" > VERSION + + make pre-release + make pre-build ''; - postBuild = '' - mv go/bin/agent go/bin/amazon-ssm-agent - mv go/bin/worker go/bin/ssm-document-worker - mv go/bin/sessionworker go/bin/ssm-session-worker - mv go/bin/logging go/bin/ssm-session-logger - mv go/bin/cli-main go/bin/ssm-cli + buildPhase = '' + make build-linux ''; - postInstall = '' - wrapProgram $out/bin/amazon-ssm-agent --prefix PATH : ${bash}/bin + installPhase = '' + mkdir -p $out/bin + mv bin/linux_*/* $out/bin/ + wrapProgram $out/bin/amazon-ssm-agent --prefix PATH : ${bashInteractive}/bin ''; meta = with lib; { description = "Agent to enable remote management of your Amazon EC2 instance configuration"; - homepage = "https://github.com/aws/amazon-ssm-agent"; - license = licenses.asl20; - platforms = platforms.unix; + homepage = "https://github.com/aws/amazon-ssm-agent"; + license = licenses.asl20; + platforms = platforms.unix; maintainers = with maintainers; [ copumpkin manveru ]; }; } From 29b99a22a5e06de3d7a2401398c169782685078e Mon Sep 17 00:00:00 2001 From: Cole Helbling Date: Tue, 2 Mar 2021 12:47:42 -0800 Subject: [PATCH 2/2] ssm-agent: don't override phases --- .../networking/cluster/ssm-agent/default.nix | 43 +++++++++++++------ 1 file changed, 30 insertions(+), 13 deletions(-) diff --git a/pkgs/applications/networking/cluster/ssm-agent/default.nix b/pkgs/applications/networking/cluster/ssm-agent/default.nix index 9b9e57ca3335..3aa583f3ae39 100644 --- a/pkgs/applications/networking/cluster/ssm-agent/default.nix +++ b/pkgs/applications/networking/cluster/ssm-agent/default.nix @@ -11,9 +11,10 @@ }: let - # The SSM agent doesn't pay attention to our /etc/os-release yet, and the lsb-release tool - # in nixpkgs doesn't seem to work properly on NixOS, so let's just fake the two fields SSM - # looks for. See https://github.com/aws/amazon-ssm-agent/issues/38 for upstream fix. + # Tests use lsb_release, so we mock it (the SSM agent used to not + # read from our /etc/os-release file, but now it does) because in + # reality, it won't (shouldn't) be used when active on a system with + # /etc/os-release. If it is, we fake the only two fields it cares about. fake-lsb-release = writeShellScriptBin "lsb_release" '' . /etc/os-release || true @@ -47,9 +48,8 @@ buildGoPackage rec { ./0002-version-gen-don-t-use-unnecessary-constants.patch ]; - configurePhase = '' - export HOME=$(mktemp -d) - + preConfigure = '' + rm -r ./Tools/src/goreportcard printf "#!/bin/sh\ntrue" > ./Tools/src/checkstyle.sh substituteInPlace agent/platform/platform_unix.go \ @@ -63,23 +63,40 @@ buildGoPackage rec { substituteInPlace agent/session/shell/shell_unix.go \ --replace '"script"' '"${util-linux}/bin/script"' + echo "${version}" > VERSION + ''; + + preBuild = '' + cp -r go/src/${goPackagePath}/vendor/src go + + pushd go/src/${goPackagePath} + # Note: if this step fails, please patch the code to fix it! Please only skip # tests if it is not feasible for the test to pass in a sandbox. make quick-integtest - echo "${version}" > VERSION - make pre-release make pre-build + + popd ''; - buildPhase = '' - make build-linux + postBuild = '' + pushd go/bin + + rm integration-cli versiongenerator generator + + mv core amazon-ssm-agent + mv agent ssm-agent-worker + mv cli-main ssm-cli + mv worker ssm-document-worker + mv logging ssm-session-logger + mv sessionworker ssm-session-worker + + popd ''; - installPhase = '' - mkdir -p $out/bin - mv bin/linux_*/* $out/bin/ + postFixup = '' wrapProgram $out/bin/amazon-ssm-agent --prefix PATH : ${bashInteractive}/bin '';