import ./make-test-python.nix ( { pkgs, ... }: { name = "systemd"; nodes.machine = { config, lib, ... }: { imports = [ common/user-account.nix common/x11.nix ]; virtualisation.emptyDiskImages = [ 512 512 ]; environment.systemPackages = [ pkgs.cryptsetup ]; virtualisation.fileSystems = { "/test-x-initrd-mount" = { device = "/dev/vdb"; fsType = "ext2"; autoFormat = true; noCheck = true; options = [ "x-initrd.mount" ]; }; }; systemd.extraConfig = "DefaultEnvironment=\"XXX_SYSTEM=foo\""; systemd.user.extraConfig = "DefaultEnvironment=\"XXX_USER=bar\""; services.journald.extraConfig = "Storage=volatile"; test-support.displayManager.auto.user = "alice"; systemd.shutdown.test = pkgs.writeScript "test.shutdown" '' #!${pkgs.runtimeShell} PATH=${ lib.makeBinPath ( with pkgs; [ util-linux coreutils ] ) } mount -t 9p shared -o trans=virtio,version=9p2000.L /tmp/shared touch /tmp/shared/shutdown-test umount /tmp/shared ''; systemd.services.oncalendar-test = { description = "calendar test"; # Japan does not have DST which makes the test a little bit simpler startAt = "Wed 10:00 Asia/Tokyo"; script = "true"; }; systemd.services.testDependency1 = { description = "Test Dependency 1"; wantedBy = [ config.systemd.services."testservice1".name ]; serviceConfig.Type = "oneshot"; script = '' true ''; }; systemd.services.testservice1 = { description = "Test Service 1"; wantedBy = [ config.systemd.targets.multi-user.name ]; serviceConfig.Type = "oneshot"; script = '' if [ "$XXX_SYSTEM" = foo ]; then touch /system_conf_read fi ''; }; systemd.user.services.testservice2 = { description = "Test Service 2"; wantedBy = [ "default.target" ]; serviceConfig.Type = "oneshot"; script = '' if [ "$XXX_USER" = bar ]; then touch "$HOME/user_conf_read" fi ''; }; systemd.watchdog = { device = "/dev/watchdog"; runtimeTime = "30s"; rebootTime = "10min"; kexecTime = "5min"; }; environment.etc."systemd/system-preset/10-testservice.preset".text = '' disable ${config.systemd.services.testservice1.name} ''; }; testScript = { nodes, ... }: '' import re import subprocess machine.start(allow_reboot=True) # Will not succeed unless ConditionFirstBoot=yes machine.wait_for_unit("first-boot-complete.target") # Make sure, a subsequent boot isn't a ConditionFirstBoot=yes. machine.reboot() machine.wait_for_x() state = machine.get_unit_info("first-boot-complete.target")['ActiveState'] assert state == 'inactive', "Detected first boot despite first-boot-completed.target was already reached on a previous boot." # wait for user services machine.wait_for_unit("default.target", "alice") with subtest("systemctl edit suggests --runtime"): # --runtime is suggested when using `systemctl edit` ret, out = machine.execute("systemctl edit testservice1.service 2>&1") assert ret == 1 assert out.rstrip("\n") == "The unit-directory '/etc/systemd/system' is read-only on NixOS, so it's not possible to edit system-units directly. Use 'systemctl edit --runtime' instead." # editing w/o `--runtime` is possible for user-services, however # it's not possible because we're not in a tty when grepping # (i.e. hacky way to ensure that the error from above doesn't appear here). _, out = machine.execute("systemctl --user edit testservice2.service 2>&1") assert out.rstrip("\n") == "Cannot edit units if not on a tty." # Regression test for https://github.com/NixOS/nixpkgs/issues/105049 with subtest("systemd reads timezone database in /etc/zoneinfo"): timer = machine.succeed("TZ=UTC systemctl show --property=TimersCalendar oncalendar-test.timer") assert re.search("next_elapse=Wed ....-..-.. 01:00:00 UTC", timer), f"got {timer.strip()}" # Regression test for https://github.com/NixOS/nixpkgs/issues/35415 with subtest("configuration files are recognized by systemd"): machine.succeed("test -e /system_conf_read") machine.succeed("test -e /home/alice/user_conf_read") machine.succeed("test -z $(ls -1 /var/log/journal)") with subtest("regression test for https://bugs.freedesktop.org/show_bug.cgi?id=77507"): retcode, output = machine.execute("systemctl status testservice1.service") assert retcode in [0, 3] # https://bugs.freedesktop.org/show_bug.cgi?id=77507 # Regression test for https://github.com/NixOS/nixpkgs/issues/35268 with subtest("file system with x-initrd.mount is not unmounted"): machine.succeed("mountpoint -q /test-x-initrd-mount") machine.shutdown() subprocess.check_call( [ "qemu-img", "convert", "-O", "raw", "vm-state-machine/empty0.qcow2", "x-initrd-mount.raw", ] ) extinfo = subprocess.check_output( [ "${pkgs.e2fsprogs}/bin/dumpe2fs", "x-initrd-mount.raw", ] ).decode("utf-8") assert ( re.search(r"^Filesystem state: *clean$", extinfo, re.MULTILINE) is not None ), ("File system was not cleanly unmounted: " + extinfo) # Regression test for https://github.com/NixOS/nixpkgs/pull/91232 with subtest("setting transient hostnames works"): machine.succeed("hostnamectl set-hostname --transient machine-transient") machine.fail("hostnamectl set-hostname machine-all") with subtest("systemd-shutdown works"): machine.shutdown() machine.wait_for_unit("multi-user.target") machine.succeed("test -e /tmp/shared/shutdown-test") # Test settings from /etc/sysctl.d/50-default.conf are applied with subtest("systemd sysctl settings are applied"): machine.wait_for_unit("multi-user.target") assert "fq_codel" in machine.succeed("sysctl net.core.default_qdisc") # Test systemd is configured to manage a watchdog with subtest("systemd manages hardware watchdog"): machine.wait_for_unit("multi-user.target") # It seems that the device's path doesn't appear in 'systemctl show' so # check it separately. assert "WatchdogDevice=/dev/watchdog" in machine.succeed( "cat /etc/systemd/system.conf" ) output = machine.succeed("systemctl show | grep Watchdog") # assert "RuntimeWatchdogUSec=30s" in output # for some reason RuntimeWatchdogUSec, doesn't seem to be updated in here. assert "RebootWatchdogUSec=10min" in output assert "KExecWatchdogUSec=5min" in output # Test systemd cryptsetup support with subtest("systemd successfully reads /etc/crypttab and unlocks volumes"): # create a luks volume and put a filesystem on it machine.succeed( "echo -n supersecret | cryptsetup luksFormat -q /dev/vdc -", "echo -n supersecret | cryptsetup luksOpen --key-file - /dev/vdc foo", "mkfs.ext3 /dev/mapper/foo", ) # create a keyfile and /etc/crypttab machine.succeed("echo -n supersecret > /var/lib/luks-keyfile") machine.succeed("chmod 600 /var/lib/luks-keyfile") machine.succeed("echo 'luks1 /dev/vdc /var/lib/luks-keyfile luks' > /etc/crypttab") # after a reboot, systemd should unlock the volume and we should be able to mount it machine.shutdown() machine.succeed("systemctl status systemd-cryptsetup@luks1.service") machine.succeed("mkdir -p /tmp/luks1") machine.succeed("mount /dev/mapper/luks1 /tmp/luks1") # Do some IP traffic output_ping = machine.succeed( "systemd-run --wait -- ping -c 1 127.0.0.1 2>&1" ) with subtest("systemd reports accounting data on system.slice"): output = machine.succeed("systemctl status system.slice") assert "CPU:" in output assert "Memory:" in output assert "IP:" in output assert "0B in, 0B out" not in output assert "IO:" in output assert "0B read, 0B written" not in output with subtest("systemd per-unit accounting works"): assert "IP traffic received: 84B sent: 84B" in output_ping with subtest("systemd environment is properly set"): machine.systemctl("daemon-reexec") # Rewrites /proc/1/environ machine.succeed("grep -q TZDIR=/etc/zoneinfo /proc/1/environ") with subtest("systemd presets are ignored"): machine.succeed("systemctl preset ${nodes.machine.systemd.services.testservice1.name}") machine.succeed("test -e /etc/systemd/system/${nodes.machine.systemd.services.testservice1.name}") ''; } )