- 12 Dec, 2021 3 commits
-
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
We observed some test failures like for example 1 where this assertion was failing because message is `Error reading SSH protocol banner`. Because the purpose of this specific test is to check that log rotation of ban log work as expected and because we test more thoroughly the ban itself in TestBan.test_client_are_banned_after_5_wrong_passwords, we can simplify this test by just asserting that connection was refused, by expecting a general exception. We don't care about the details of the exception here. After a ban, the first connection attemps seem to always be refused with "Connection reset by peer" and that's why we did not observed failures with TestBan.test_client_are_banned_after_5_wrong_passwords [1]: https://nexedijs.erp5.net/#/test_result_module/20211208-1520AC26C/21
-
- 10 Dec, 2021 10 commits
-
-
Kirill Smelkov authored
Fix the following build failure in nxdtest's own test: [2021-12-10 15:57:15,142] INFO While: [2021-12-10 15:57:15,142] INFO Installing. [2021-12-10 15:57:15,142] INFO Getting section python-interpreter. [2021-12-10 15:57:15,142] INFO Initializing section python-interpreter. [2021-12-10 15:57:15,142] INFO Getting option python-interpreter:eggs. [2021-12-10 15:57:15,142] INFO Getting section nxdtest. [2021-12-10 15:57:15,142] INFO Initializing section nxdtest. [2021-12-10 15:57:15,142] INFO Getting option nxdtest:eggs. [2021-12-10 15:57:15,142] INFO Getting section .nxdtest.pyexe. [2021-12-10 15:57:15,142] INFO Initializing section .nxdtest.pyexe. [2021-12-10 15:57:15,142] INFO Getting option .nxdtest.pyexe:eggs. [2021-12-10 15:57:15,142] INFO Getting option nxdtest:eggs. [2021-12-10 15:57:15,142] INFO Getting option .nxdtest.pyexe:eggs. [2021-12-10 15:57:15,142] INFO Error: Circular reference in substitutions. This is hot, not a proper, fix to recover nxdtest.UnitTest-Master status. I will think more calmly what to properly do.
-
Kirill Smelkov authored
If we enter user namespace via regular unshare without help from SUID newuidmap/newgidmap, all supplementary groups are mapped to -1. As the result when Go test tries to chown to a supplementary group, it gets EINVAL: https://github.com/golang/go/issues/42525 -> work it around with patch to skip this chown tests. A more proper, longer-term fix would be to fix Linux kernel to allow writes to /proc/self/gid_map to setup mapping not only to original gid, but to all original supplementary groups as well here: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/kernel/user_namespace.c?id=v5.16-rc4-0-g0fcfb00b28c0#n1143 this fix, even if accepted by upstream, would be long to be waited for to propagate to distribution kernels that we currently use. So we go with this workaround for now. -------- Another patch is to fix the following TestSCMCredentials failure: === RUN TestSCMCredentials creds_test.go:81: WriteMsgUnix failed with invalid argument, want EPERM --- FAIL: TestSCMCredentials (0.00s) There the code tries to send uid0/gid0 credentials from non-zero uid and expects EPERM reject from kernel. However under `unshare -Umc` uid0/gid0 are not mapped to anywhere and so implicitly map to -1 and are rejected with EINVAL by the kernel. /reviewed-by @jerome /reviewed-on nexedi/slapos!1095
-
Kirill Smelkov authored
4) Hook in python-prctl, as it becomes nxdtest dependency: see nexedi/nxdtest!13 (79d13eff) /reviewed-by @jerome /reviewed-on nexedi/slapos!1095
-
Kirill Smelkov authored
Prepare for upcoming nxdtest changes to run each testcase with its own /tmp and /dev/shm: 1) put unshare from SlapOS component into $PATH, so that our version is used even if OS provides /bin/unshare. As @jerome explains we need features that were added relatively recently and are missing in unshare on Debian 10: nexedi/nxdtest!13 (comment 146752) It is anyway better to "isolate" from OS by using our own component instead of system-provided one. Correspondingly adjust util-linux to enable unshare in its build. 2) similarly to "1" adjust util-linux to enable mount so that our version is used instead of /bin/mount. For example on Debian 9, even if we successfully enter user/mount namespace with `unshare -Umc` /bin/mount -t tmpfs none /tmp complains that mount: only root can use "--types" option -> Fix it the same way as with unshare by forcing usage of SlapOS-provided mount. 3) rework how nxdtest script is generated and split it into .nxdtest.pyexe and nxdtest itself. .nxdtest.pyexe is python interpreter via which nxdtest is run. This interpreter has all eggs required by nxdtest in sys.path, so that nxdtest could spawn its trun.py via sys.executable. If we don't care to have properly setup sys.executable, trun.py will fail when importing any module that nxdtest.py could already successfully import. Initially I tried to workaround this issue via adjusting $PYTHONPATH <- sys.path in main nxdtest script, but @jerome points out that, $PYTHONPATH, if set, also affects processes that trun.py spawns, which is not good: nexedi/slapos!1095 (comment 146799) -> so fix this via running nxdtest via environment where sys.executable is properly setup python interpreter with path for all eggs that nxdtest has access to. Because we already have half-way workarounds for similar problem in several places, and because running a script with correctly setup sys.executable is generally better, I would say it should be a good idea to rework zc.recipe.egg:scripts to generate all scripts to work this way, but I do not want to fight about it. So let's leave this scheme nxdtest-specific for now. /cc @tomo /helped-and-reviewed-by @jerome /reviewed-on nexedi/slapos!1095
-
Thomas Gambier authored
When adding a route to an interface not up yet, "ip route" command fails with: Error: Device for nexthop is not up. So we need to up the device before adding the routes.
-
Julien Muchembled authored
This is a regression with 0.48 that prevented parts to be shared depending on which Python is used to run Python (whether it's version 2 or 3).
-
Julien Muchembled authored
The patch was useless since version 6.0: http://ncurses.scripts.mit.edu/?p=ncurses.git;h=6a530b46563470c2ca73579d1994a0c8e275dd98
-
Julien Muchembled authored
-
Julien Muchembled authored
-
Julien Muchembled authored
-
- 09 Dec, 2021 2 commits
-
-
Jérome Perrin authored
slapos.core now depends on PyYAML and jsonschema
-
Kirill Smelkov authored
This upgrade fixes deadlock when new context is created from already-canceled parent[1]. It also comes with other minor enhancements and fixes needed e.g. for `zodb restore`[2]. [1] nexedi/pygolang@58d4cbfe [2] https://pypi.org/project/pygolang/#pygolang-change-history
-
- 08 Dec, 2021 19 commits
-
-
Julien Muchembled authored
-
Julien Muchembled authored
-
Julien Muchembled authored
-
Julien Muchembled authored
-
Julien Muchembled authored
-
Julien Muchembled authored
-
Julien Muchembled authored
-
Julien Muchembled authored
-
Julien Muchembled authored
json-c, memcached and xpdf are still maintained but current buildout.cfg are not useful if we want to ship a new version.
-
Julien Muchembled authored
-
Julien Muchembled authored
-
Julien Muchembled authored
-
Julien Muchembled authored
-
Julien Muchembled authored
-
Julien Muchembled authored
-
Julien Muchembled authored
-
Julien Muchembled authored
-
Romain Courteaud authored
Keep compatibility with the default webrunner configuration.
-
Romain Courteaud authored
Prevent unexpected instance deletion.
-
- 07 Dec, 2021 1 commit
-
-
Jérome Perrin authored
See merge request !1094
-
- 06 Dec, 2021 4 commits
-
-
Xavier Thompson authored
-
Xavier Thompson authored
It appears no longer needed to use LD_LIBRARY_PATH to ensure the correct runtime path resolution of libsecret in theia's `keytar` component. Also LD_LIBRARY_PATH was leaking into theia's environment and affecting tests launched from within theia. This reverts commit 681ec188.
-
Xavier Thompson authored
-
Xavier Thompson authored
See merge request !1096
-
- 03 Dec, 2021 1 commit
-
-
Xavier Thompson authored
Always format the partitions to ensure the slapformat configuration is valid, because the constructor overwrites it with invalid values. We need a valid configuration so that `slapos node format` works, and we need `slapos node format` for the resiliency import script.
-