From d5a8e667d265dc8ab11cea25fe7ee26b9b396536 Mon Sep 17 00:00:00 2001 From: nicoo Date: Sun, 12 Nov 2023 11:08:26 +0000 Subject: nixos/sudo: Update assertion message --- nixos/modules/security/sudo.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix index ff912dec507..3dd5d2e525d 100644 --- a/nixos/modules/security/sudo.nix +++ b/nixos/modules/security/sudo.nix @@ -192,10 +192,12 @@ in ###### implementation config = mkIf cfg.enable { - assertions = [ - { assertion = cfg.package.pname != "sudo-rs"; - message = "The NixOS `sudo` module does not work with `sudo-rs` yet."; } - ]; + assertions = [ { + assertion = cfg.package.pname != "sudo-rs"; + message = '' + NixOS' `sudo` module does not support `sudo-rs`; see `security.sudo-rs` instead. + ''; + } ]; security.sudo.extraRules = let -- cgit 1.4.1 From f80b2b510db9b02e98fb2ba1042b755543c852cf Mon Sep 17 00:00:00 2001 From: Félix Baylac Jacqué Date: Sun, 12 Nov 2023 10:54:01 +0100 Subject: nixosTests/pleroma: fix test Two issues: 1. We need a subjectAltName on the TLS cert. Stolen from the akkoma test. <3 illdefined 2. There's a bug in the current toot release wrt. date parsing. It's been fixed upstream but it's not been released yet. Using the current toot master for this VM test to work around this. Note: I warned upstream we'd need a new toot release. Fixes https://github.com/NixOS/nixpkgs/issues/264951 --- nixos/tests/pleroma.nix | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) (limited to 'nixos') diff --git a/nixos/tests/pleroma.nix b/nixos/tests/pleroma.nix index 4f1aef85414..c80f48e52ed 100644 --- a/nixos/tests/pleroma.nix +++ b/nixos/tests/pleroma.nix @@ -25,6 +25,18 @@ import ./make-test-python.nix ({ pkgs, ... }: let + # Fix for https://github.com/ihabunek/toot/pull/405. Includes + # https://github.com/ihabunek/toot/pull/405. TOREMOVE when + # toot > 0.38.1 + patched-toot = pkgs.toot.overrideAttrs (old: { + version = "unstable-24-09-2023"; + src = pkgs.fetchFromGitHub { + owner = "ihabunek"; + repo = "toot"; + rev = "30857f570d64a26da80d0024227a8259f7cb65b5"; + sha256 = "sha256-BxrI7UY9bfqPzS+VLqCFSmu4PkIkvhntcEeNJb1AzOs="; + }; + }); send-toot = pkgs.writeScriptBin "send-toot" '' set -eux # toot is using the requests library internally. This library @@ -164,9 +176,12 @@ import ./make-test-python.nix ({ pkgs, ... }: ''; tls-cert = pkgs.runCommand "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } '' - openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -subj '/CN=pleroma.nixos.test' -days 36500 mkdir -p $out - cp key.pem cert.pem $out + openssl req -x509 \ + -subj '/CN=pleroma.nixos.test/' -days 49710 \ + -addext 'subjectAltName = DNS:pleroma.nixos.test' \ + -keyout "$out/key.pem" -newkey ed25519 \ + -out "$out/cert.pem" -noenc ''; hosts = nodes: '' @@ -180,7 +195,7 @@ import ./make-test-python.nix ({ pkgs, ... }: security.pki.certificateFiles = [ "${tls-cert}/cert.pem" ]; networking.extraHosts = hosts nodes; environment.systemPackages = with pkgs; [ - toot + patched-toot send-toot ]; }; -- cgit 1.4.1