From c85cf60c833b99bc3b84aa0f5f2d20c5d6a39cc3 Mon Sep 17 00:00:00 2001
From: Joachim Fasting <joachifm@fastmail.fm>
Date: Sat, 16 Sep 2017 11:47:21 +0200
Subject: [PATCH 1/3] nixos/tests: move sysctl test to misc

---
 nixos/release-combined.nix |  1 -
 nixos/release.nix          |  1 -
 nixos/tests/misc.nix       |  9 +++++++++
 nixos/tests/sysctl.nix     | 25 -------------------------
 4 files changed, 9 insertions(+), 27 deletions(-)
 delete mode 100644 nixos/tests/sysctl.nix

diff --git a/nixos/release-combined.nix b/nixos/release-combined.nix
index a7ceb104b57..f5b988501f9 100644
--- a/nixos/release-combined.nix
+++ b/nixos/release-combined.nix
@@ -119,7 +119,6 @@ in rec {
         (all nixos.tests.sddm.default)
         (all nixos.tests.simple)
         (all nixos.tests.slim)
-        nixos.tests.sysctl.x86_64-linux # i686 fails
         (all nixos.tests.udisks2)
         (all nixos.tests.xfce)
 
diff --git a/nixos/release.nix b/nixos/release.nix
index 38c446c1f8a..4eeefad9cab 100644
--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -313,7 +313,6 @@ in rec {
   tests.slim = callTest tests/slim.nix {};
   tests.smokeping = callTest tests/smokeping.nix {};
   tests.snapper = callTest tests/snapper.nix {};
-  tests.sysctl = callTest tests/sysctl.nix {};
   tests.taskserver = callTest tests/taskserver.nix {};
   tests.tomcat = callTest tests/tomcat.nix {};
   tests.udisks2 = callTest tests/udisks2.nix {};
diff --git a/nixos/tests/misc.nix b/nixos/tests/misc.nix
index 1b24551009c..222b60ab24a 100644
--- a/nixos/tests/misc.nix
+++ b/nixos/tests/misc.nix
@@ -25,6 +25,7 @@ import ./make-test.nix ({ pkgs, ...} : {
         };
       users.users.sybil = { isNormalUser = true; group = "wheel"; };
       security.sudo = { enable = true; wheelNeedsPassword = false; };
+      boot.kernel.sysctl."vm.swappiness" = 1;
     };
 
   testScript =
@@ -117,5 +118,13 @@ import ./make-test.nix ({ pkgs, ...} : {
       subtest "sudo", sub {
           $machine->succeed("su - sybil -c 'sudo true'");
       };
+
+      # Test sysctl
+      subtest "sysctl", sub {
+          $machine->waitForUnit("systemd-sysctl.service");
+          $machine->succeed('[ `sysctl -ne vm.swappiness` = 1 ]');
+          $machine->execute('sysctl vm.swappiness=60');
+          $machine->succeed('[ `sysctl -ne vm.swappiness` = 60 ]');
+      };
     '';
 })
diff --git a/nixos/tests/sysctl.nix b/nixos/tests/sysctl.nix
deleted file mode 100644
index d7220cabb22..00000000000
--- a/nixos/tests/sysctl.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-import ./make-test.nix ({ pkgs, ...} : {
-  name = "sysctl";
-  meta = with pkgs.stdenv.lib.maintainers; {
-    maintainers = [ nequissimus ];
-  };
-
-  machine = { config, lib, pkgs, ... }:
-    {
-      boot.kernelPackages = pkgs.linuxPackages;
-      boot.kernel.sysctl = {
-        "kernel.dmesg_restrict" = true; # Restrict dmesg access
-        "net.core.bpf_jit_enable" = false; # Turn off bpf JIT
-        "user.max_user_namespaces" = 0; # Disable user namespaces
-        "vm.swappiness" = 2; # Low swap usage
-      };
-    };
-
-  testScript =
-    ''
-      $machine->succeed("sysctl kernel.dmesg_restrict | grep 'kernel.dmesg_restrict = 1'");
-      $machine->succeed("sysctl net.core.bpf_jit_enable | grep 'net.core.bpf_jit_enable = 0'");
-      $machine->succeed("sysctl user.max_user_namespaces | grep 'user.max_user_namespaces = 0'");
-      $machine->succeed("sysctl vm.swappiness | grep 'vm.swappiness = 2'");
-    '';
-})

From ffd56ba4f6388abfe5290fc411a8ffb27e9d5d30 Mon Sep 17 00:00:00 2001
From: Joachim Fasting <joachifm@fastmail.fm>
Date: Sat, 16 Sep 2017 11:47:50 +0200
Subject: [PATCH 2/3] nixos/tests: move kernel-params test to misc

---
 nixos/release-combined.nix    |  1 -
 nixos/release.nix             |  1 -
 nixos/tests/kernel-params.nix | 24 ------------------------
 nixos/tests/misc.nix          |  6 ++++++
 4 files changed, 6 insertions(+), 26 deletions(-)
 delete mode 100644 nixos/tests/kernel-params.nix

diff --git a/nixos/release-combined.nix b/nixos/release-combined.nix
index f5b988501f9..9a64d32e66c 100644
--- a/nixos/release-combined.nix
+++ b/nixos/release-combined.nix
@@ -96,7 +96,6 @@ in rec {
         nixos.tests.plasma5.x86_64-linux # avoid big build on i686
         (all nixos.tests.kernel-latest)
         (all nixos.tests.kernel-lts)
-        (all nixos.tests.kernel-params)
         #(all nixos.tests.lightdm)
         (all nixos.tests.login)
         (all nixos.tests.misc)
diff --git a/nixos/release.nix b/nixos/release.nix
index 4eeefad9cab..f8d2e314532 100644
--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -267,7 +267,6 @@ in rec {
   tests.kernel-copperhead = callTest tests/kernel-copperhead.nix {};
   tests.kernel-latest = callTest tests/kernel-latest.nix {};
   tests.kernel-lts = callTest tests/kernel-lts.nix {};
-  tests.kernel-params = callTest tests/kernel-params.nix {};
   tests.keystone = callTest tests/keystone.nix {};
   tests.kubernetes = hydraJob (import tests/kubernetes.nix { system = "x86_64-linux"; });
   tests.latestKernel.login = callTest tests/login.nix { latestKernel = true; };
diff --git a/nixos/tests/kernel-params.nix b/nixos/tests/kernel-params.nix
deleted file mode 100644
index 14a39335691..00000000000
--- a/nixos/tests/kernel-params.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-import ./make-test.nix ({ pkgs, ...} : {
-  name = "kernel-params";
-  meta = with pkgs.stdenv.lib.maintainers; {
-    maintainers = [ nequissimus ];
-  };
-
-  machine = { config, lib, pkgs, ... }:
-    {
-      boot.kernelPackages = pkgs.linuxPackages;
-      boot.kernelParams = [
-        "nohibernate"
-        "page_poison=1"
-        "vsyscall=none"
-      ];
-    };
-
-  testScript =
-    ''
-      $machine->fail("cat /proc/cmdline | grep page_poison=0");
-      $machine->succeed("cat /proc/cmdline | grep nohibernate");
-      $machine->succeed("cat /proc/cmdline | grep page_poison=1");
-      $machine->succeed("cat /proc/cmdline | grep vsyscall=none");
-    '';
-})
diff --git a/nixos/tests/misc.nix b/nixos/tests/misc.nix
index 222b60ab24a..79290861cb0 100644
--- a/nixos/tests/misc.nix
+++ b/nixos/tests/misc.nix
@@ -26,6 +26,7 @@ import ./make-test.nix ({ pkgs, ...} : {
       users.users.sybil = { isNormalUser = true; group = "wheel"; };
       security.sudo = { enable = true; wheelNeedsPassword = false; };
       boot.kernel.sysctl."vm.swappiness" = 1;
+      boot.kernelParams = [ "vsyscall=emulate" ];
     };
 
   testScript =
@@ -126,5 +127,10 @@ import ./make-test.nix ({ pkgs, ...} : {
           $machine->execute('sysctl vm.swappiness=60');
           $machine->succeed('[ `sysctl -ne vm.swappiness` = 60 ]');
       };
+
+      # Test boot parameters
+      subtest "bootparam", sub {
+          $machine->succeed('grep -Fq vsyscall=emulate /proc/cmdline');
+      };
     '';
 })

From e05459584e25e6917234e987e8133993f4707f26 Mon Sep 17 00:00:00 2001
From: Joachim Fasting <joachifm@fastmail.fm>
Date: Sat, 16 Sep 2017 12:43:13 +0200
Subject: [PATCH 3/3] nixos/release-combined: remove basic kernel tests

Arguably, breaking linux-latest should not block a release.  Also, booting
the kernel + basic sanity checking is implicitly exercised by every other
vm test.
---
 nixos/release-combined.nix | 2 --
 1 file changed, 2 deletions(-)

diff --git a/nixos/release-combined.nix b/nixos/release-combined.nix
index 9a64d32e66c..f61d80f5599 100644
--- a/nixos/release-combined.nix
+++ b/nixos/release-combined.nix
@@ -94,8 +94,6 @@ in rec {
         (all nixos.tests.keymap.neo)
         (all nixos.tests.keymap.qwertz)
         nixos.tests.plasma5.x86_64-linux # avoid big build on i686
-        (all nixos.tests.kernel-latest)
-        (all nixos.tests.kernel-lts)
         #(all nixos.tests.lightdm)
         (all nixos.tests.login)
         (all nixos.tests.misc)