From 86f0dc221f7a0291e87d3b311393a018a92cfbda Mon Sep 17 00:00:00 2001
From: Scott Worley
Date: Sun, 22 Nov 2020 21:57:00 -0800
Subject: nixos/locate: Exclude fuse.sshfs

The "fuse" and "sshfs" entries already present are not keeping this find invocation out of sshfs mounts, which present as fstype "fuse.sshfs"
---
 nixos/modules/misc/locate.nix | 1 +
 nixos/tests/locate.nix | 41 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+)
diff --git a/nixos/modules/misc/locate.nix b/nixos/modules/misc/locate.nix
index 411f5e05835..426281c9412 100644
--- a/nixos/modules/misc/locate.nix
+++ b/nixos/modules/misc/locate.nix
@@ -98,6 +98,7 @@ in {
 "ftpfs"
 "fuse"
 "fusectl"
+ "fuse.sshfs"
 "gfs"
 "gfs2"
 "hostfs"
diff --git a/nixos/tests/locate.nix b/nixos/tests/locate.nix
index d351410be30..8818607f955 100644
--- a/nixos/tests/locate.nix
+++ b/nixos/tests/locate.nix
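Review bot: The new `"fuse.sshfs"` entry covers only sshfs, and the commit message itself shows that the bare `"fuse"` entry does not match a `fuse.<subtype>` type. By the same reasoning, any other FUSE mount that reports a `fuse.<subtype>` type would presumably still be walked and have its file names written into the locate database. Only part of the list is visible in this hunk, so other subtypes may already be listed outside it. A comment above the entry would record the reason for the next maintainer, for example `# FUSE mounts report "fuse.<subtype>"; the bare "fuse" entry does not match them, so list each subtype`.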
@@ -6,16 +6,57 @@ import ./make-test-python.nix ({ lib, pkgs, ... }:
 nodes = rec {
 a = {
+ environment.systemPackages = with pkgs; [ sshfs ];
+ fileSystems = lib.mkVMOverride {
+ "/ssh" = {
+ device = "alice@b:/";
+ fsType = "fuse.sshfs";
+ options = [
+ "allow_other"
+ "IdentityFile=/privkey"
+ "noauto"
+ "StrictHostKeyChecking=no"
+ "UserKnownHostsFile=/dev/null"
+ ];
+ };
+ };
 services.locate = {
 enable = true;
 interval = "*:*:0/5";
 };
 };
+ b = {
+ services.openssh.enable = true;
+ users.users.alice = {
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [ snakeOilPublicKey ];
+ };
+ };
 };
 testScript = ''
+ start_all()
+
+ # Set up sshfs mount
+ a.succeed(
+ "(umask 077; cat ${snakeOilPrivateKey} > /privkey)"
+ )
+ b.succeed("touch /file-on-b-machine")
+ b.wait_for_open_port(22)
+ a.succeed("mkdir /ssh")
+ a.succeed("mount /ssh")
+
+ # Core locatedb functionality
 a.succeed("touch /file-on-a-machine-1")
 a.wait_for_file("/var/cache/locatedb")
 a.wait_until_succeeds("locate file-on-a-machine-1")
+
+ # Wait for a second update to make sure we're using a locatedb from a run
+ # that began after the sshfs mount
+ a.succeed("touch /file-on-a-machine-2")
+ a.wait_until_succeeds("locate file-on-a-machine-2")
+
+ # We shouldn't be able to see files on the other machine
+ a.fail("locate file-on-b-machine")
 '';
 })
--
cgit 1.4.1
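Review bot: The final `a.fail("locate file-on-b-machine")` can pass even if the exclusion is broken, because nothing checks that the file is actually visible through the mount on `a`; `a.succeed("mount /ssh")` only shows that the mount command returned successfully. Adding `a.succeed("test -e /ssh/file-on-b-machine")` right after the mount would give the negative assertion a positive control. The mount options would also benefit from comments: `allow_other` is presumably there so the indexing user can traverse the mount, which is worth confirming and stating. `StrictHostKeyChecking=no` with `UserKnownHostsFile=/dev/null` is acceptable only because this is a throwaway test VM using snake-oil keys, and a comment should say so to keep the pattern from being copied into real configurations.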