diff options
author | Jörg Thalheim <joerg@thalheim.io> | 2020-12-12 09:29:40 +0100 |
---|---|---|
committer | Jörg Thalheim <joerg@thalheim.io> | 2021-07-18 08:51:17 +0200 |
commit | ac7b8724b59974c0d74f2feacc4a2a787a5cf122 (patch) | |
tree | 054235c04fe0a7e21a78d187a90dd49a5c41cf95 /nixos/tests/nix-serve.nix | |
parent | 2489eb5e4516aab575ab114b7e0a3e1b5c5daca7 (diff) |
nixos/nix-serve: don't run as nogroup
nogroup is insecure if shared
Diffstat (limited to 'nixos/tests/nix-serve.nix')
-rw-r--r-- | nixos/tests/nix-serve.nix | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/nixos/tests/nix-serve.nix b/nixos/tests/nix-serve.nix new file mode 100644 index 0000000000000..ab82f4be43e68 --- /dev/null +++ b/nixos/tests/nix-serve.nix @@ -0,0 +1,22 @@ +import ./make-test-python.nix ({ pkgs, ... }: +{ + name = "nix-serve"; + machine = { pkgs, ... }: { + services.nix-serve.enable = true; + environment.systemPackages = [ + pkgs.hello + ]; + }; + testScript = let + pkgHash = builtins.head ( + builtins.match "${builtins.storeDir}/([^-]+).+" (toString pkgs.hello) + ); + in '' + start_all() + machine.wait_for_unit("nix-serve.service") + machine.wait_for_open_port(5000) + machine.succeed( + "curl --fail -g http://0.0.0.0:5000/nar/${pkgHash}.nar -o /tmp/hello.nar" + ) + ''; +}) |