authorFlorian Klink <flokli@flokli.de>2019-11-02 19:55:41 +0100
committerFlorian Klink <flokli@flokli.de>2019-11-03 14:29:07 +0100
commit52ed193ec7f167579b8acbb27d02283ae9e92eff (patch)
treee49b2328310fdb2c5e3a5f92c759c3600d4d51a5 /nixos/tests
parent29ac2262253cb2d1d330ed261353b98d3e03c706 (diff)
nixosTests.systemd-nspawn: add test
This adds a test downloading an nspawn container via http, and ensures
sha256sum verification and gpg signature verification work.
Diffstat (limited to 'nixos/tests')
-rw-r--r--nixos/tests/all-tests.nix1
-rw-r--r--nixos/tests/systemd-nspawn.nix58
2 files changed, 59 insertions, 0 deletions
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 10564e063c6..67766cc1512 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -269,6 +269,7 @@ in
   systemd-confinement = handleTest ./systemd-confinement.nix {};
   systemd-timesyncd = handleTest ./systemd-timesyncd.nix {};
   systemd-networkd-wireguard = handleTest ./systemd-networkd-wireguard.nix {};
+  systemd-nspawn = handleTest ./systemd-nspawn.nix {};
   pdns-recursor = handleTest ./pdns-recursor.nix {};
   taskserver = handleTest ./taskserver.nix {};
   telegraf = handleTest ./telegraf.nix {};
diff --git a/nixos/tests/systemd-nspawn.nix b/nixos/tests/systemd-nspawn.nix
new file mode 100644
index 00000000000..c2039bb5980
--- /dev/null
+++ b/nixos/tests/systemd-nspawn.nix
@@ -0,0 +1,58 @@
+import ./make-test.nix ({pkgs, lib, ...}:
+let
+  gpgKeyring = (pkgs.runCommand "gpg-keyring" { buildInputs = [ pkgs.gnupg ]; } ''
+    mkdir -p $out
+    export GNUPGHOME=$out
+    cat > foo <<EOF
+      %echo Generating a basic OpenPGP key
+      %no-protection
+      Key-Type: DSA
+      Key-Length: 1024
+      Subkey-Type: ELG-E
+      Subkey-Length: 1024
+      Name-Real: Joe Tester
+      Name-Email: joe@foo.bar
+      Expire-Date: 0
+      # Do a commit here, so that we can later print "done"
+      %commit
+      %echo done
+    EOF
+    gpg --batch --generate-key foo
+    rm $out/S.gpg-agent $out/S.gpg-agent.*
+    gpg --export joe@foo.bar -a > $out/pubkey.gpg
+  '');
+
+  nspawnImages = (pkgs.runCommand "localhost" { buildInputs = [ pkgs.coreutils pkgs.gnupg ]; } ''
+    mkdir -p $out
+    cd $out
+    dd if=/dev/urandom of=$out/testimage.raw bs=$((1024*1024+7)) count=5
+    sha256sum testimage.raw > SHA256SUMS
+    export GNUPGHOME="$(mktemp -d)"
+    cp -R ${gpgKeyring}/* $GNUPGHOME
+    gpg --batch --sign --detach-sign --output SHA256SUMS.gpg SHA256SUMS
+  '');
+in {
+  name = "opensmtpd";
+
+  nodes = {
+    server = { pkgs, ... }: {
+      networking.firewall.allowedTCPPorts = [ 80 ];
+      services.nginx = {
+        enable = true;
+        virtualHosts."server".root = nspawnImages;
+      };
+    };
+    client = { pkgs, ... }: {
+      environment.etc."systemd/import-pubring.gpg".source = "${gpgKeyring}/pubkey.gpg";
+    };
+  };
+
+  testScript = ''
+    startAll;
+
+    $server->waitForUnit("nginx.service");
+    $client->waitForUnit("network-online.target");
+    $client->succeed("machinectl pull-raw --verify=signature http://server/testimage.raw");
+    $client->succeed("cmp /var/lib/machines/testimage.raw ${nspawnImages}/testimage.raw");
+  '';
+})
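Review bot: The test script only exercises the success path of `machinectl pull-raw --verify=signature`, so it does not show that a mismatching checksum or a signature from an unknown key is rejected, which is what the commit message says it ensures. Consider serving a second image whose contents are altered after `SHA256SUMS` is signed and asserting `$client->fail("machinectl pull-raw --verify=signature http://server/tampered.raw");` (file name is an example), and, if practical, a case where `SHA256SUMS.gpg` is produced with a key that is absent from `import-pubring.gpg`. Separately, `name = "opensmtpd";` looks copied from another test and should read `name = "systemd-nspawn";`. A short comment above the key parameters stating that the unprotected 1024-bit DSA key is a throwaway test key that ends up in the Nix store would also help readers.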