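;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2019, 2020 Ludovic Courtès
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (test-swh)
  #:use-module (guix swh)
  #:use-module (guix tests http)
  #:use-module (web response)
  #:use-module (srfi srfi-64))

;; Test the JSON mapping machinery used in (guix swh).

;; JSON body served for the "lookup-origin" test: one origin object.
(define %origin
  "{ \"visits_url\": \"/visits/42\", \"type\": \"git\", \"url\": \"http://example.org/guix.git\" }")

;; JSON body served for the "lookup-directory" test: an array of two entries.
;; The elements are comma-separated so the fixture is valid JSON and the test
;; does not depend on the parser tolerating a missing separator.
(define %directory-entries
  "[ { \"name\": \"one\", \"type\": \"regular\", \"length\": 123, \"dir_id\": 1 }, { \"name\": \"two\", \"type\": \"regular\", \"length\": 456, \"dir_id\": 2 } ]")

;; Evaluate EXP... while a local HTTP server answers with status 200 and body
;; STR, and with %SWH-BASE-URL bound to (%local-url), so that the lookups in
;; EXP... are answered by that server.
(define-syntax-rule (with-json-result str exp ...)
  (with-http-server `((200 ,str))
    (parameterize ((%swh-base-url (%local-url)))
      exp ...)))

(test-begin "swh")

;; The fields of the served origin object must come back through the
;; 'origin-type' and 'origin-url' accessors.
(test-equal "lookup-origin"
  (list "git" "http://example.org/guix.git")
  (with-json-result %origin
    (let ((origin (lookup-origin "http://example.org/guix.git")))
      (list (origin-type origin)
            (origin-url origin)))))

;; A 404 answer must yield #f.
(test-equal "lookup-origin, not found"
  #f
  (with-http-server `((404 "Nope."))
    (parameterize ((%swh-base-url (%local-url)))
      (lookup-origin "http://example.org/whatever"))))

;; Each array element must map to a directory entry with its name and length.
(test-equal "lookup-directory"
  '(("one" 123) ("two" 456))
  (with-json-result %directory-entries
    (map (lambda (entry)
           (list (directory-entry-name entry)
                 (directory-entry-length entry)))
         (lookup-directory "123"))))

;; A 429 answer is expected to raise 'swh-error; the handler then reads the
;; private variable %GENERAL-RATE-LIMIT-RESET-TIME of (guix swh) through '@@'
;; and the test compares it with the value sent in 'x-ratelimit-reset'.
;; NOTE(review): the reset time is taken from a server-supplied header; this
;; test only pins that it is recorded, not whether (guix swh) bounds it.
(test-equal "rate limit reached"
  3000000000
  (let ((too-many (build-response
                   #:code 429
                   #:reason-phrase "Too many requests"

                   ;; Pretend we've reached the limit and it'll be reset in
                   ;; June 2065.
                   #:headers '((x-ratelimit-remaining . "0")
                               (x-ratelimit-reset . "3000000000")))))
    (with-http-server `((,too-many "Too bad."))
      (parameterize ((%swh-base-url (%local-url)))
        (catch 'swh-error
          (lambda ()
            (lookup-origin "http://example.org/guix.git"))
          (lambda (key url method response)
            ;; Ensure the reset time was recorded.
            (@@ (guix swh) %general-rate-limit-reset-time)))))))

(test-assert "%allow-request? and request-rate-limit-reached?"
  ;; Here we test two things: that the rate limit set above is in effect and
  ;; that %ALLOW-REQUEST? is called, and that 'request-rate-limit-reached?'
  ;; returns true.
  ;;
  ;; This test is order-dependent: it relies on the reset time recorded by
  ;; "rate limit reached" above.  No local server is started and %SWH-BASE-URL
  ;; is not rebound here, so if the hook let the request through it would
  ;; presumably go to the default base URL; the uninterned KEY thrown by the
  ;; hook is what proves the request was stopped first.
  (let* ((key (gensym "skip-request"))
         (skip-if-limit-reached
          (lambda (url method)
            (or (not (request-rate-limit-reached? url method))
                (throw key #t)))))
    (parameterize ((%allow-request? skip-if-limit-reached))
      (catch key
        (lambda ()
          (lookup-origin "http://example.org/guix.git")
          #f)
        (const #t)))))

(test-end "swh")

;; Local Variables:
;; eval: (put 'with-json-result 'scheme-indent-function 1)
;; eval: (put 'with-http-server 'scheme-indent-function 1)
;; End:

;; NOTE(review): the text below is not part of the test program; it looks like
;; commit-log text that trailed this file on the page.  It is kept verbatim,
;; as comments.
;;
;; g.scm (prosody-configuration) (opaque-prosody-configuration): Likewise.
;; * gnu/services/monitoring.scm (zabbix-server-configuration)
;; (zabbix-agent-configuration): Likewise.
;; * gnu/services/networking.scm (opendht-configuration): Likewise.
;; * gnu/services/pm.scm (tlp-configuration): Likewise.
;; * gnu/services/telephony.scm (jami-configuration): Likewise.
;; * gnu/services/virtualization.scm (libvirt-configuration)
;; (qemu-guest-agent-configuration): Likewise.
;; * gnu/services/vpn.scm (openvpn-client-configuration): Likewise.
;; Tobias Geerinckx-Rice 2021-03-10services: Prevent following symlinks during
;; activation....This addresses a potential security issue, where a
;; compromised service could trick the activation code in changing the
;; permissions, owner and group of arbitrary files. However, this patch is
;; currently only a partial fix, due to a TOCTTOU (time-of-check to
;; time-of-use) race, which can be fixed once guile has bindings to openat and
;; friends.
;; Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html>
;; * gnu/build/activation.scm: new procedure 'mkdir-p/perms'.
;; * gnu/services/authentication.scm (%nslcd-activation, nslcd-service-type):
;; use new procedure.
;; * gnu/services/cups.scm (%cups-activation): likewise.
;; * gnu/services/dbus.scm (dbus-activation): likewise.
;; * gnu/services/dns.scm (knot-activation): likewise.
;; Signed-off-by: Ludovic Courtès <ludo@gnu.org> Maxime Devos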