1
Fork 0
mirror of https://https.git.savannah.gnu.org/git/guix.git/ synced 2025-07-09 23:50:47 +02:00
guix/tests/processes.scm
Ludovic Courtès 2f65438eba
tests: Run in a chroot and unprivileged user namespaces.
* build-aux/test-env.in: Pass ‘--disable-chroot’ only when unprivileged
user namespace support is lacking and warn in that case.
* tests/store.scm ("build-things, check mode"): Use ‘gettimeofday’
rather than a shared file as a source of entropy.
("symlink is symlink")
("isolated environment", "inputs are read-only")
("inputs cannot be remounted read-write")
("build root cannot be made world-readable")
("/tmp, store, and /dev/{null,full} are writable")
("network is unreachable"): New tests.
* tests/processes.scm ("client + lock"): Skip when
‘unprivileged-user-namespace-supported?’ returns true.

Change-Id: I3b3c3ebdf6db5fd36ee70251d07b893c17ca1b84
2025-03-26 17:57:44 +01:00

127 lines
5 KiB
Scheme

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2018, 2025 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (test-processes)
#:use-module (guix scripts processes)
#:use-module (guix store)
#:use-module (guix derivations)
#:use-module (guix packages)
#:use-module (guix gexp)
#:use-module ((guix utils) #:select (call-with-temporary-directory))
#:use-module (gnu packages bootstrap)
#:use-module ((gnu build linux-container)
#:select (unprivileged-user-namespace-supported?))
#:use-module (guix tests)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-64)
#:use-module (rnrs bytevectors)
#:use-module (rnrs io ports)
#:use-module (ice-9 match)
#:use-module (ice-9 threads))
;; When using --system argument, binfmt-misc mechanism may be used. In that
;; case, (guix script processes) won't work because:
;;
;; * ARGV0 is qemu-user and not guix-daemon.
;; * Guix-daemon won't be able to stuff client PID in ARGV1 of forked
;; processes.
;;
;; See: https://lists.gnu.org/archive/html/bug-guix/2019-12/msg00017.html.
;;
;; If we detect that we are running with binfmt emulation, all the following
;; tests must be skipped.
(define (binfmt-misc?)
(let ((pid (getpid))
(cmdline (call-with-input-file "/proc/self/cmdline" get-string-all)))
(match (primitive-fork)
(0 (dynamic-wind
(const #t)
(lambda ()
(exit
(not (equal?
(call-with-input-file (format #f "/proc/~a/cmdline" pid)
get-string-all)
cmdline))))
(const #t)))
(x (zero? (cdr (waitpid x)))))))
(define-syntax-rule (test-assert* description exp)
(begin
(when (binfmt-misc?)
(test-skip 1))
(test-assert description exp)))
(test-begin "processes")
(test-assert* "not a client"
(not (find (lambda (session)
(= (getpid)
(process-id (daemon-session-client session))))
(daemon-sessions))))
(test-assert* "client"
(with-store store
(let* ((session (find (lambda (session)
(= (getpid)
(process-id (daemon-session-client session))))
(daemon-sessions)))
(daemon (daemon-session-process session)))
(and (kill (process-id daemon) 0)
(string-suffix? "guix-daemon" (first (process-command daemon)))))))
(when (unprivileged-user-namespace-supported?)
;; The test below assumes the build process can communicate with the outside
;; world via the TOKEN1 and TOKEN2 files, which is impossible when
;; guix-daemon is set up to build in separate namespaces.
(test-skip 1))
(test-assert* "client + lock"
(with-store store
(call-with-temporary-directory
(lambda (directory)
(let* ((token1 (string-append directory "/token1"))
(token2 (string-append directory "/token2"))
(exp #~(begin #$(random-text)
(mkdir #$token1)
(let loop ()
(unless (file-exists? #$token2)
(sleep 1)
(loop)))
(mkdir #$output)))
(guile (package-derivation store %bootstrap-guile))
(drv (run-with-store store
(gexp->derivation "foo" exp
#:guile-for-build guile)))
(thread (call-with-new-thread
(lambda ()
(build-derivations store (list drv)))))
(_ (let loop ()
(unless (file-exists? token1)
(usleep 200)
(loop))))
(session (find (lambda (session)
(= (getpid)
(process-id (daemon-session-client session))))
(daemon-sessions)))
(locks (daemon-session-locks-held (pk 'session session))))
(call-with-output-file token2 (const #t))
(equal? (list (string-append (derivation->output-path drv) ".lock"))
locks))))))
(test-end "processes")