Merge remote-tracking branch 'upstream/master' into staging
Showing
32 changed files
with
784 additions
and
485 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,93 @@ | ||
# Some tests to ensure sudo is working properly. | ||
|
||
let | ||
password = "helloworld"; | ||
|
||
in | ||
import ./make-test.nix ({ pkgs, ...} : { | ||
name = "sudo"; | ||
meta = with pkgs.stdenv.lib.maintainers; { | ||
maintainers = [ lschuermann ]; | ||
}; | ||
|
||
machine = | ||
{ config, lib, pkgs, ... }: | ||
with lib; | ||
{ | ||
users.extraGroups = { foobar = {}; barfoo = {}; baz = { gid = 1337; }; }; | ||
users.users = { | ||
test0 = { isNormalUser = true; extraGroups = [ "wheel" ]; }; | ||
test1 = { isNormalUser = true; password = password; }; | ||
test2 = { isNormalUser = true; extraGroups = [ "foobar" ]; password = password; }; | ||
test3 = { isNormalUser = true; extraGroups = [ "barfoo" ]; }; | ||
test4 = { isNormalUser = true; extraGroups = [ "baz" ]; }; | ||
test5 = { isNormalUser = true; }; | ||
}; | ||
|
||
security.sudo = { | ||
enable = true; | ||
wheelNeedsPassword = false; | ||
|
||
extraRules = [ | ||
# SUDOERS SYNTAX CHECK (Test whether the module produces a valid output; | ||
# errors being detected by the visudo checks. | ||
|
||
# These should not create any entries | ||
{ users = [ "notest1" ]; commands = [ ]; } | ||
{ commands = [ { command = "ALL"; options = [ ]; } ]; } | ||
|
||
# Test defining commands with the options syntax, though not setting any options | ||
{ users = [ "notest2" ]; commands = [ { command = "ALL"; options = [ ]; } ]; } | ||
|
||
|
||
# CONFIGURATION FOR TEST CASES | ||
{ users = [ "test1" ]; groups = [ "foobar" ]; commands = [ "ALL" ]; } | ||
{ groups = [ "barfoo" 1337 ]; commands = [ { command = "ALL"; options = [ "NOPASSWD" "NOSETENV" ]; } ]; } | ||
{ users = [ "test5" ]; commands = [ { command = "ALL"; options = [ "NOPASSWD" "SETENV" ]; } ]; runAs = "test1:barfoo"; } | ||
]; | ||
}; | ||
}; | ||
|
||
testScript = | ||
'' | ||
subtest "users in wheel group should have passwordless sudo", sub { | ||
$machine->succeed("su - test0 -c \"sudo -u root true\""); | ||
}; | ||
subtest "test1 user should have sudo with password", sub { | ||
$machine->succeed("su - test1 -c \"echo ${password} | sudo -S -u root true\""); | ||
}; | ||
subtest "test1 user should not be able to use sudo without password", sub { | ||
$machine->fail("su - test1 -c \"sudo -n -u root true\""); | ||
}; | ||
subtest "users in group 'foobar' should be able to use sudo with password", sub { | ||
$machine->succeed("sudo -u test2 echo ${password} | sudo -S -u root true"); | ||
}; | ||
subtest "users in group 'barfoo' should be able to use sudo without password", sub { | ||
$machine->succeed("sudo -u test3 sudo -n -u root true"); | ||
}; | ||
subtest "users in group 'baz' (GID 1337) should be able to use sudo without password", sub { | ||
$machine->succeed("sudo -u test4 sudo -n -u root echo true"); | ||
}; | ||
subtest "test5 user should be able to run commands under test1", sub { | ||
$machine->succeed("sudo -u test5 sudo -n -u test1 true"); | ||
}; | ||
subtest "test5 user should not be able to run commands under root", sub { | ||
$machine->fail("sudo -u test5 sudo -n -u root true"); | ||
}; | ||
subtest "test5 user should be able to keep his environment", sub { | ||
$machine->succeed("sudo -u test5 sudo -n -E -u test1 true"); | ||
}; | ||
subtest "users in group 'barfoo' should not be able to keep their environment", sub { | ||
$machine->fail("sudo -u test3 sudo -n -E -u root true"); | ||
}; | ||
''; | ||
}) |
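Review bot: The "users in group 'foobar'" subtest does not exercise test2's sudo rights, because in `sudo -u test2 echo ${password} | sudo -S -u root true` the pipe is parsed by the test driver's shell: only `echo` runs as test2, and the right-hand `sudo -S -u root true` runs as the invoking user (presumably root), so it passes whatever the sudoers rule says. Wrap the whole pipeline as the test1 subtest does, `$machine->succeed("su - test2 -c \"echo ${password} | sudo -S -u root true\"");`, and add the matching negative check `$machine->fail("su - test2 -c \"sudo -n -u root true\"");` so a rule that accidentally grants NOPASSWD to the group is caught. The "keep his environment" subtest only shows that `-E` is accepted for test5; asserting that an exported variable is actually visible in the target command would make the SETENV/NOSETENV pair meaningful.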
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
{ stdenv, fetchurl, perl }: | ||
|
||
stdenv.mkDerivation rec { | ||
name = "mencal-3.0"; | ||
|
||
src = fetchurl { | ||
url = "http://kyberdigi.cz/projects/mencal/files/${name}.tar.gz"; | ||
sha256 = "9328d0b2f3f57847e8753c5184531f4832be7123d1b6623afdff892074c03080"; | ||
}; | ||
|
||
installPhase = '' | ||
mkdir -p $out/bin | ||
cp mencal $out/bin/ | ||
''; | ||
|
||
buildInputs = [ perl ]; | ||
|
||
meta = with stdenv.lib; { | ||
description = "Menstruation calendar"; | ||
longDescription = '' | ||
Mencal is a simple variation of the well-known unix command cal. | ||
The main difference is that you can have some periodically repeating | ||
days highlighted in color. This can be used to track | ||
menstruation (or other) cycles conveniently. | ||
''; | ||
homepage = "http://www.kyberdigi.cz/projects/mencal/english.html"; | ||
license = licenses.gpl2; | ||
maintainers = [ maintainers.mmahut ]; | ||
platforms = platforms.all; | ||
}; | ||
} |
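Review bot: `src` is fetched over plain `http://`, so the pinned `sha256` is the only thing authenticating the tarball, and nothing in the expression says so. A comment above `url` such as `# upstream is served over HTTP; the sha256 below is the sole integrity check, so re-verify it out of band on every version bump` would record that, or the URL could move to `https://` if upstream serves it (not verifiable from this page). The install phase only copies the script while `buildInputs = [ perl ]`, which suggests perl is there for the interpreter line; a short comment stating that would help.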