diff options
| author | 0x4A6F <0x4A6F@users.noreply.github.com> | 2021-12-18 16:10:20 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-12-18 16:10:20 +0100 |
| commit | f0b399ca33dd89da4048518d4ae2fb67c95ad2d5 (patch) | |
| tree | 576be81d05a7bb0d556a4cef1069a0c4d4ea1ee9 | |
| parent | Merge pull request #151183 from NixOS/backport-151124-to-release-21.11 (diff) | |
| parent | unifi: Disable unsupported options in NixOS tests (diff) | |
| download | nixpkgs-f0b399ca33dd89da4048518d4ae2fb67c95ad2d5.tar.gz | |
Merge pull request #151179 from NixOS/backport-151145-to-release-21.11
[Backport release-21.11] unifi5: Follow new mitigation guidelines
| -rw-r--r-- | nixos/modules/services/networking/unifi.nix | 1 | ||||
| -rw-r--r-- | nixos/tests/all-tests.nix | 1 | ||||
| -rw-r--r-- | nixos/tests/unifi.nix | 34 | ||||
| -rw-r--r-- | pkgs/servers/unifi/default.nix | 18 |
4 files changed, 48 insertions, 6 deletions
diff --git a/nixos/modules/services/networking/unifi.nix b/nixos/modules/services/networking/unifi.nix index 174e919f988b..53ad4df477fc 100644 --- a/nixos/modules/services/networking/unifi.nix +++ b/nixos/modules/services/networking/unifi.nix @@ -7,7 +7,6 @@ let @${cfg.jrePackage}/bin/java java \ ${optionalString (cfg.initialJavaHeapSize != null) "-Xms${(toString cfg.initialJavaHeapSize)}m"} \ ${optionalString (cfg.maximumJavaHeapSize != null) "-Xmx${(toString cfg.maximumJavaHeapSize)}m"} \ - ${optionalString (lib.versionOlder cfg.unifiPackage.version "6.5.54") "-Dlog4j2.formatMsgNoLookups=true"} \ -jar ${stateDir}/lib/ace.jar ''; in diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 3a578179eb5b..a1b7e2b732c2 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -477,6 +477,7 @@ in ucarp = handleTest ./ucarp.nix {}; udisks2 = handleTest ./udisks2.nix {}; unbound = handleTest ./unbound.nix {}; + unifi = handleTest ./unifi.nix {}; unit-php = handleTest ./web-servers/unit-php.nix {}; upnp = handleTest ./upnp.nix {}; usbguard = handleTest ./usbguard.nix {}; diff --git a/nixos/tests/unifi.nix b/nixos/tests/unifi.nix new file mode 100644 index 000000000000..dde7e21a199a --- /dev/null +++ b/nixos/tests/unifi.nix @@ -0,0 +1,34 @@ +# Test UniFi controller + +{ system ? builtins.currentSystem +, config ? { allowUnfree = true; } +, pkgs ? import ../.. { inherit system config; } +}: + +with import ../lib/testing-python.nix { inherit system pkgs; }; +with pkgs.lib; + +let + makeAppTest = unifi: makeTest { + name = "unifi-controller-${unifi.version}"; + meta = with pkgs.lib.maintainers; { + maintainers = [ zhaofengli ]; + }; + + nodes.server = { + services.unifi = { + enable = true; + unifiPackage = unifi; + }; + }; + + testScript = '' + server.wait_for_unit("unifi.service") + server.wait_until_succeeds("curl -Lk https://localhost:8443 >&2", timeout=300) + ''; + }; +in with pkgs; { + unifiLTS = makeAppTest unifiLTS; + unifi5 = makeAppTest unifi5; + unifi6 = makeAppTest unifi6; +} diff --git a/pkgs/servers/unifi/default.nix b/pkgs/servers/unifi/default.nix index b4c1d9739efd..33f5044cb764 100644 --- a/pkgs/servers/unifi/default.nix +++ b/pkgs/servers/unifi/default.nix @@ -1,10 +1,9 @@ -{ lib, stdenv, dpkg, fetchurl }: +{ lib, stdenv, dpkg, fetchurl, zip, nixosTests }: let - generic = { version, sha256, suffix ? "" }: - stdenv.mkDerivation { + generic = { version, sha256, suffix ? "", ... } @ args: + stdenv.mkDerivation (args // { pname = "unifi-controller"; - inherit version; src = fetchurl { url = "https://dl.ubnt.com/unifi/${version}${suffix}/unifi_sysvinit_all.deb"; @@ -29,6 +28,10 @@ let runHook postInstall ''; + passthru.tests = { + unifi = nixosTests.unifi; + }; + meta = with lib; { homepage = "http://www.ubnt.com/"; description = "Controller for Ubiquiti UniFi access points"; @@ -36,7 +39,7 @@ let platforms = platforms.unix; maintainers = with maintainers; [ erictapen globin patryk27 pennae ]; }; - }; + }); in rec { # see https://community.ui.com/releases / https://www.ui.com/download/unifi @@ -49,6 +52,11 @@ in rec { unifi5 = generic { version = "5.14.23"; sha256 = "1aar05yjm3z5a30x505w4kakbyz35i7mk7xyg0wm4ml6h94d84pv"; + + postInstall = '' + # Remove when log4j is updated to 2.12.2 or 2.16.0. + ${zip}/bin/zip -q -d $out/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class + ''; }; unifi6 = generic { |