-
Notifications
You must be signed in to change notification settings - Fork 487
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Integration test fails inside Nix sandbox #333
Comments
I'd be happy to add a build tag to make tests for that package skippable. I won't be able to work on this for a few more days, but if you want to take a shot at it, you're more than welcome to! |
For now, while packaging this in nixpkgs I simply removed Inside Nix sandboxed builds, |
This issue has been automatically marked as stale because it has not had any activity in the past 30 days. It will be closed in 7 days if no further activity occurs. Thank you for your contributions. |
still relevant.
|
This issue has been automatically marked as stale because it has not had any activity in the past 30 days. It will be closed in 7 days if no further activity occurs. Thank you for your contributions. |
Hey @flokli, is this still a problem? Are there any other tests that are failing inside Nix that we can filter out? |
Okay, build flags seem to be the way to add conditional tests. We could add a But I'm not about the naming. I don't want to disable all these tests. Some integrations tests seem to work, even inside the sandbox. Should we skip them too, or call this flag Why does the redis integration test not fail? I do see
|
Sorry for taking so long to get back to you @flokli, things have been busy and I lost track of some of these issues. This is a really interesting problem to have, and I'm not sure how to break this down. What are the limitations of the sandbox? No network, no access to host folders like /sys or /dev that something like node_exporter might use? It's starting to sound more and more like we might just need a |
No worries, thanks for getting back to me! :-)
Yeah, certainly no network access, only private networking. I assume the sandbox also prevents access to some of these folders, to rule out hardware-specific impurities leaking into builds. It's not super well documented, but https://github.com/NixOS/nix/blob/bedd12ec14062bb23bbd87dd892219b84abbcce9/src/libstore/build/local-derivation-goal.cc#L1580 should get you an idea if you want to know exactly. -- More generally: What are the tests supposed to test? Why do the redis ones succeed, even though there's obviously no redis database started, and why does the node-exporter one fail even though it might only not be able to get some metrics? |
Thanks, this is helpful!
I don't think we've been very consistent in testing these, but for integrations in particular, I'd say there's a few things we'd be interested in looking at:
The first case can probably just be performed as a unit test safely within a sandbox. The second case almost always requires network access (or root FS access for node_exporter), and it sounds like that's where we'd want to start using the sandbox flag. |
Yeah, this sounds like a good plan 👍 |
I'd like to close this as part of our normal bug cleanup process. If we run into similar issues again, we can open a new issue for tracking. |
I tried packaging
grafana/agent
for NixOS, and ran into an issue while running the tests:Apparently the node exporter integration test tries to access
/sys
, which doesn't quite work in that sandboxed environment. Could the test be skipped in such cases?The text was updated successfully, but these errors were encountered: