-
-
Notifications
You must be signed in to change notification settings - Fork 1.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
test(nixos): add integration test for doubly-compressed content
Add an integration test with a compressing proxy (nginx is used). This test verifies that fetched archives do not get decompressed excessively.
- Loading branch information
Showing
2 changed files
with
73 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,71 @@ | ||
| # Test that compressed files fetched from server with compressed responses | ||
| # do not get excessively decompressed. | ||
| # E.g. fetching a zstd compressed tarball from a server, | ||
| # which compresses the response with `Content-Encoding: gzip`. | ||
| # The expected result is that the fetched file is a zstd archive. | ||
|
|
||
| { lib, config, ... }: | ||
|
|
||
| let | ||
| pkgs = config.nodes.machine.nixpkgs.pkgs; | ||
|
|
||
| ztdCompressedFile = pkgs.stdenv.mkDerivation { | ||
| name = "dummy-zstd-compressed-archive"; | ||
| dontUnpack = true; | ||
| nativeBuildInputs = with pkgs; [ zstd ]; | ||
| buildPhase = '' | ||
| mkdir archive | ||
| for _ in {1..100}; do echo "lorem" > archive/file1; done | ||
| for _ in {1..100}; do echo "ipsum" > archive/file2; done | ||
| tar --zstd -cf archive.tar.zst archive | ||
| ''; | ||
| installPhase = '' | ||
| install -Dm 644 -T archive.tar.zst $out/share/archive | ||
| ''; | ||
| }; | ||
|
|
||
| fileCmd = "${pkgs.file}/bin/file"; | ||
| in | ||
|
|
||
| { | ||
| name = "gzip-content-encoding"; | ||
|
|
||
| nodes = | ||
| { machine = | ||
| { config, pkgs, ... }: | ||
| { networking.firewall.allowedTCPPorts = [ 80 ]; | ||
|
|
||
| services.nginx.enable = true; | ||
| services.nginx.virtualHosts."localhost" = | ||
| { root = "${ztdCompressedFile}/share/"; | ||
| # Make sure that nginx really tries to compress the | ||
| # file on the fly with no regard to size/mime. | ||
| # http://nginx.org/en/docs/http/ngx_http_gzip_module.html | ||
| extraConfig = '' | ||
| gzip on; | ||
| gzip_types *; | ||
| gzip_proxied any; | ||
| gzip_min_length 0; | ||
| ''; | ||
| }; | ||
| virtualisation.writableStore = true; | ||
| virtualisation.additionalPaths = with pkgs; [ file ]; | ||
| nix.settings.substituters = lib.mkForce [ ]; | ||
| }; | ||
| }; | ||
|
|
||
| # Check that when nix-prefetch-url is used with a zst tarball it does not get decompressed. | ||
| testScript = { nodes }: '' | ||
| # fmt: off | ||
| start_all() | ||
| machine.wait_for_unit("nginx.service") | ||
| machine.succeed(""" | ||
| # Make sure that the file is properly compressed as the test would be meaningless otherwise | ||
| curl --compressed -v http://localhost/archive |& tr -s ' ' |& grep --ignore-case 'content-encoding: gzip' | ||
| archive_path=$(nix-prefetch-url http://localhost/archive --print-path | tail -n1) | ||
| [[ $(${fileCmd} --brief --mime-type $archive_path) == "application/zstd" ]] | ||
| tar --zstd -xf $archive_path | ||
| """) | ||
| ''; | ||
| } |