Merge pull request #104727 from chkno/fuse-dot-sshfs

nixos/locate: Fix sshfs exclusion
Guillaume Girol 2020-12-11 20:32:28 +00:00 committed by GitHub
commit a7b60e6bdf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 129 additions and 1 deletions


@ -73,7 +73,72 @@ in {
pruneFS = mkOption {
type = listOf str;
default = ["afs" "anon_inodefs" "auto" "autofs" "bdev" "binfmt" "binfmt_misc" "cgroup" "cifs" "coda" "configfs" "cramfs" "cpuset" "debugfs" "devfs" "devpts" "devtmpfs" "ecryptfs" "eventpollfs" "exofs" "futexfs" "ftpfs" "fuse" "fusectl" "gfs" "gfs2" "hostfs" "hugetlbfs" "inotifyfs" "iso9660" "jffs2" "lustre" "misc" "mqueue" "ncpfs" "nnpfs" "ocfs" "ocfs2" "pipefs" "proc" "ramfs" "rpc_pipefs" "securityfs" "selinuxfs" "sfs" "shfs" "smbfs" "sockfs" "spufs" "nfs" "NFS" "nfs4" "nfsd" "sshfs" "subfs" "supermount" "sysfs" "tmpfs" "ubifs" "udf" "usbfs" "vboxsf" "vperfctrfs" ];
default = [
"afs"
"anon_inodefs"
"auto"
"autofs"
"bdev"
"binfmt"
"binfmt_misc"
"cgroup"
"cifs"
"coda"
"configfs"
"cramfs"
"cpuset"
"debugfs"
"devfs"
"devpts"
"devtmpfs"
"ecryptfs"
"eventpollfs"
"exofs"
"futexfs"
"ftpfs"
"fuse"
"fusectl"
"fuse.sshfs"
"gfs"
"gfs2"
"hostfs"
"hugetlbfs"
"inotifyfs"
"iso9660"
"jffs2"
"lustre"
"misc"
"mqueue"
"ncpfs"
"nnpfs"
"ocfs"
"ocfs2"
"pipefs"
"proc"
"ramfs"
"rpc_pipefs"
"securityfs"
"selinuxfs"
"sfs"
"shfs"
"smbfs"
"sockfs"
"spufs"
"nfs"
"NFS"
"nfs4"
"nfsd"
"sshfs"
"subfs"
"supermount"
"sysfs"
"tmpfs"
"ubifs"
"udf"
"usbfs"
"vboxsf"
"vperfctrfs"
];
description = ''
Which filesystem types to exclude from indexing
'';
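Review bot: The new `"fuse.sshfs"` entry covers a single FUSE subtype. The fix implies the existing `"fuse"` entry does not match mounts reported as `fuse.<subtype>`, so other remote or decrypted FUSE mounts are presumably still indexed, and their file names end up in a locate database that may be readable by other local users. The option description should say so, for example `Which filesystem types to exclude from indexing. FUSE mounts must be listed by their full type, such as fuse.sshfs.` The plain `"sshfs"` entry is kept although it apparently never matched, so a short comment on why it stays would help. The `mkOption` block closes outside this hunk.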


@ -195,6 +195,7 @@ in
lidarr = handleTest ./lidarr.nix {};
lightdm = handleTest ./lightdm.nix {};
limesurvey = handleTest ./limesurvey.nix {};
locate = handleTest ./locate.nix {};
login = handleTest ./login.nix {};
loki = handleTest ./loki.nix {};
lsd = handleTest ./lsd.nix {};

62
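--- a/nixos/tests/locate.nix
+++ b/nixos/tests/locate.nix
@@ -0,0 +1,62 @@
+import ./make-test-python.nix ({ lib, pkgs, ... }:
+let inherit (import ./ssh-keys.nix pkgs) snakeOilPrivateKey snakeOilPublicKey;
+in {
+name = "locate";
+meta.maintainers = with pkgs.stdenv.lib.maintainers; [ chkno ];
+nodes = rec {
+a = {
+environment.systemPackages = with pkgs; [ sshfs ];
+fileSystems = lib.mkVMOverride {
+"/ssh" = {
+device = "alice@b:/";
+fsType = "fuse.sshfs";
+options = [
+"allow_other"
+"IdentityFile=/privkey"
+"noauto"
+"StrictHostKeyChecking=no"
+"UserKnownHostsFile=/dev/null"
+];
+};
+};
+services.locate = {
+enable = true;
+interval = "*:*:0/5";
+};
+};
+b = {
+services.openssh.enable = true;
+users.users.alice = {
+isNormalUser = true;
+openssh.authorizedKeys.keys = [ snakeOilPublicKey ];
+};
+};
+};
+testScript = ''
+start_all()
+# Set up sshfs mount
+a.succeed(
+"(umask 077; cat ${snakeOilPrivateKey} > /privkey)"
+)
+b.succeed("touch /file-on-b-machine")
+b.wait_for_open_port(22)
+a.succeed("mkdir /ssh")
+a.succeed("mount /ssh")
+# Core locatedb functionality
+a.succeed("touch /file-on-a-machine-1")
+a.wait_for_file("/var/cache/locatedb")
+a.wait_until_succeeds("locate file-on-a-machine-1")
+# Wait for a second update to make sure we're using a locatedb from a run
+# that began after the sshfs mount
+a.succeed("touch /file-on-a-machine-2")
+a.wait_until_succeeds("locate file-on-a-machine-2")
+# We shouldn't be able to see files on the other machine
+a.fail("locate file-on-b-machine")
+'';
+})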
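Review bot: The final `a.fail("locate file-on-b-machine")` can pass vacuously, because the script never checks that the remote file is visible through the mount on `a`. If `/ssh` were mounted but empty or unreadable, the assertion would still hold and a regression in the exclusion would go unnoticed. Add a positive control right after `a.succeed("mount /ssh")`, such as `a.succeed("test -e /ssh/file-on-b-machine")`. Separately, the mount options `StrictHostKeyChecking=no` and `UserKnownHostsFile=/dev/null` turn off host key verification; that is fine between throwaway test VMs with snake-oil keys, but a comment like `# test-only: host key verification disabled, do not copy into real configs` would keep the pattern from being reused.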