test: Add signature test
This commit is contained in:
parent
ba0ec05e2b
commit
7dac2d81b0
4 changed files with 77 additions and 0 deletions
1
tests/cache-keys/privkey
Normal file
1
tests/cache-keys/privkey
Normal file
|
@ -0,0 +1 @@
|
|||
do.not.use-1:+Vtfnroj2hvBFPf5Vf6EXNn1kY9kJmgmrkOG23Qi451PUUA6e0PhhwoUpMybaMjNn2BhED781Jf9+NjPgUs1Lw==
|
1
tests/cache-keys/pubkey
Normal file
1
tests/cache-keys/pubkey
Normal file
|
@ -0,0 +1 @@
|
|||
do.not.use-1:T1FAOntD4YcKFKTMm2jIzZ9gYRA+/NSX/fjYz4FLNS8=
|
|
@ -5,4 +5,5 @@ let
|
|||
in
|
||||
{
|
||||
basic = pkgs.callPackage ./basic.nix { };
|
||||
signature = pkgs.callPackage ./signature.nix { };
|
||||
}
|
||||
|
|
74
tests/signature.nix
Normal file
74
tests/signature.nix
Normal file
|
@ -0,0 +1,74 @@
|
|||
{ pkgs }:
|
||||
let
|
||||
#hello = pkgs.hello.overrideAttrs { pname = "custom-hello"; };
|
||||
inherit (pkgs) hello;
|
||||
in
|
||||
pkgs.testers.runNixOSTest (_: {
|
||||
name = "cache signature upload test";
|
||||
nodes = {
|
||||
cache =
|
||||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
./common
|
||||
../modules
|
||||
];
|
||||
|
||||
system.extraDependencies = [ hello ];
|
||||
|
||||
services.tvix-binary-cache = {
|
||||
enable = true;
|
||||
caches = {
|
||||
cache.port = 8000;
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedProxySettings = true;
|
||||
virtualHosts.cache = {
|
||||
default = true;
|
||||
locations = {
|
||||
"/cache".return = "302 /cache/";
|
||||
"/cache/" = {
|
||||
proxyPass = "http://localhost:${toString config.services.tvix-binary-cache.caches.cache.port}/";
|
||||
};
|
||||
};
|
||||
extraConfig = "client_max_body_size 1G;";
|
||||
|
||||
};
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||
};
|
||||
client =
|
||||
{ lib, ... }:
|
||||
{
|
||||
imports = [ ./common ];
|
||||
nix.settings = {
|
||||
substituters = lib.mkForce [ "http://cache/cache" ];
|
||||
trusted-public-keys = lib.mkForce [ (builtins.readFile ./cache-keys/pubkey) ];
|
||||
};
|
||||
};
|
||||
};
|
||||
testScript = ''
|
||||
import sys
|
||||
import time
|
||||
start_all()
|
||||
cache.wait_for_unit("nginx.service")
|
||||
cache.wait_for_unit("nar-bridge-cache.service")
|
||||
time.sleep(1)
|
||||
with subtest("Nar bridge home"):
|
||||
out = cache.succeed("curl -L http://127.0.0.1/cache")
|
||||
if out != "nar-bridge":
|
||||
sys.exit(1)
|
||||
with subtest("Path signature and copy"):
|
||||
# Sign
|
||||
cache.succeed("nix store sign -k ${./cache-keys/privkey} ${hello}")
|
||||
cache.succeed("nix copy --to 'http://127.0.0.1/cache/?compression=none' ${hello}")
|
||||
with subtest("Substitution"):
|
||||
client.succeed("nix-store --delete ${hello}")
|
||||
client.fail("stat ${hello}")
|
||||
client.succeed("nix-store -r ${hello}")
|
||||
client.succeed("stat ${hello}")
|
||||
'';
|
||||
})
|
Loading…
Reference in a new issue