mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-09-29 07:32:58 +00:00
vsftpd: enable seccomp (#158974)
* vsftpd: enable seccomp * nixos/tests/vsftpd: add basic test * vsftpd: add test to passthru
This commit is contained in:
parent
e78a5bc15a
commit
8289e6478b
@ -554,6 +554,7 @@ in
|
||||
vikunja = handleTest ./vikunja.nix {};
|
||||
virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {};
|
||||
vscodium = discoverTests (import ./vscodium.nix);
|
||||
vsftpd = handleTest ./vsftpd.nix {};
|
||||
wasabibackend = handleTest ./wasabibackend.nix {};
|
||||
wiki-js = handleTest ./wiki-js.nix {};
|
||||
wine = handleTest ./wine.nix {};
|
||||
|
42
nixos/tests/vsftpd.nix
Normal file
42
nixos/tests/vsftpd.nix
Normal file
@ -0,0 +1,42 @@
|
||||
import ./make-test-python.nix ({ pkgs, ... }: {
|
||||
name = "vsftpd";
|
||||
|
||||
nodes = {
|
||||
server = {
|
||||
services.vsftpd = {
|
||||
enable = true;
|
||||
userlistDeny = false;
|
||||
localUsers = true;
|
||||
userlist = [ "ftp-test-user" ];
|
||||
writeEnable = true;
|
||||
localRoot = "/tmp";
|
||||
};
|
||||
networking.firewall.enable = false;
|
||||
|
||||
users = {
|
||||
users.ftp-test-user = {
|
||||
isSystemUser = true;
|
||||
password = "ftp-test-password";
|
||||
group = "ftp-test-group";
|
||||
};
|
||||
groups.ftp-test-group = {};
|
||||
};
|
||||
};
|
||||
|
||||
client = {};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
client.start()
|
||||
server.wait_for_unit("vsftpd")
|
||||
server.wait_for_open_port("21")
|
||||
|
||||
client.succeed("curl -u ftp-test-user:ftp-test-password ftp://server")
|
||||
client.succeed('echo "this is a test" > /tmp/test.file.up')
|
||||
client.succeed("curl -v -T /tmp/test.file.up -u ftp-test-user:ftp-test-password ftp://server")
|
||||
client.succeed("curl -u ftp-test-user:ftp-test-password ftp://server/test.file.up > /tmp/test.file.down")
|
||||
client.succeed("diff /tmp/test.file.up /tmp/test.file.down")
|
||||
assert client.succeed("cat /tmp/test.file.up") == server.succeed("cat /tmp/test.file.up")
|
||||
assert client.succeed("cat /tmp/test.file.down") == server.succeed("cat /tmp/test.file.up")
|
||||
'';
|
||||
})
|
@ -1,4 +1,4 @@
|
||||
{ lib, stdenv, fetchurl, libcap, openssl, pam }:
|
||||
{ lib, stdenv, fetchurl, libcap, libseccomp, openssl, pam, nixosTests }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "vsftpd";
|
||||
@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
|
||||
sha256 = "sha256-JrYCrkVLC6bZnvRKCba54N+n9nIoEGc23x8njHC8kdM=";
|
||||
};
|
||||
|
||||
buildInputs = [ libcap openssl pam ];
|
||||
buildInputs = [ libcap openssl libseccomp pam ];
|
||||
|
||||
patches = [ ./CVE-2015-1419.patch ];
|
||||
|
||||
@ -30,10 +30,14 @@ stdenv.mkDerivation rec {
|
||||
"CC=${stdenv.cc.targetPrefix}cc"
|
||||
];
|
||||
|
||||
NIX_LDFLAGS = "-lcrypt -lssl -lcrypto -lpam -lcap";
|
||||
NIX_LDFLAGS = "-lcrypt -lssl -lcrypto -lpam -lcap -lseccomp";
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
passthru = {
|
||||
tests = { inherit (nixosTests) vsftpd; };
|
||||
};
|
||||
|
||||
meta = with lib; {
|
||||
description = "A very secure FTP daemon";
|
||||
license = licenses.gpl2;
|
||||
|
Loading…
Reference in New Issue
Block a user