1. 17 Dec, 2021 5 commits
  2. 16 Dec, 2021 7 commits
  3. 15 Dec, 2021 6 commits
  4. 14 Dec, 2021 3 commits
  5. 13 Dec, 2021 10 commits
  6. 12 Dec, 2021 7 commits
  7. 10 Dec, 2021 2 commits
    • Kirill Smelkov's avatar
      fixup! component/nxdtest: Prepare for nxdtest!13 · aa6f42e2
      Kirill Smelkov authored
      Fix the following build failure in nxdtest's own test:
      
          [2021-12-10 15:57:15,142] INFO     While:
          [2021-12-10 15:57:15,142] INFO       Installing.
          [2021-12-10 15:57:15,142] INFO       Getting section python-interpreter.
          [2021-12-10 15:57:15,142] INFO       Initializing section python-interpreter.
          [2021-12-10 15:57:15,142] INFO       Getting option python-interpreter:eggs.
          [2021-12-10 15:57:15,142] INFO       Getting section nxdtest.
          [2021-12-10 15:57:15,142] INFO       Initializing section nxdtest.
          [2021-12-10 15:57:15,142] INFO       Getting option nxdtest:eggs.
          [2021-12-10 15:57:15,142] INFO       Getting section .nxdtest.pyexe.
          [2021-12-10 15:57:15,142] INFO       Initializing section .nxdtest.pyexe.
          [2021-12-10 15:57:15,142] INFO       Getting option .nxdtest.pyexe:eggs.
          [2021-12-10 15:57:15,142] INFO       Getting option nxdtest:eggs.
          [2021-12-10 15:57:15,142] INFO       Getting option .nxdtest.pyexe:eggs.
          [2021-12-10 15:57:15,142] INFO     Error: Circular reference in substitutions.
      
      This is hot, not a proper, fix to recover nxdtest.UnitTest-Master status.
      I will think more calmly what to properly do.
      aa6f42e2
    • Kirill Smelkov's avatar
      golang += patches to fix tests under user namespaces · 71ced145
      Kirill Smelkov authored
      If we enter user namespace via regular unshare without help from SUID
      newuidmap/newgidmap, all supplementary groups are mapped to -1. As the result
      when Go test tries to chown to a supplementary group, it gets EINVAL:
      
      https://github.com/golang/go/issues/42525
      
      -> work it around with patch to skip this chown tests.
      
      A more proper, longer-term fix would be to fix Linux kernel to allow writes to
      /proc/self/gid_map to setup mapping not only to original gid, but to all
      original supplementary groups as well here:
      
      https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/kernel/user_namespace.c?id=v5.16-rc4-0-g0fcfb00b28c0#n1143
      
      this fix, even if accepted by upstream, would be long to be waited for to
      propagate to distribution kernels that we currently use. So we go with this
      workaround for now.
      
      --------
      
      Another patch is to fix the following TestSCMCredentials failure:
      
          === RUN   TestSCMCredentials
              creds_test.go:81: WriteMsgUnix failed with invalid argument, want EPERM
          --- FAIL: TestSCMCredentials (0.00s)
      
      There the code tries to send uid0/gid0 credentials from non-zero uid and
      expects EPERM reject from kernel. However under `unshare -Umc` uid0/gid0 are
      not mapped to anywhere and so implicitly map to -1 and are rejected with EINVAL
      by the kernel.
      
      /reviewed-by @jerome
      /reviewed-on nexedi/slapos!1095
      71ced145