author | Aidan Gauland <aidalgol+git@fastmail.net> | 2022-04-16 17:18:57 +1200 |
---|---|---|
committer | Aidan Gauland <aidalgol@fastmail.net> | 2022-07-12 07:33:26 +1200 |
commit | d9119dbbdfc3b2224a61c9f696191e033dc13fbd (patch) | |
tree | 2436a40df3f4b0ca536d33255cca23095c6455cb /nixos/tests/pass-secret-service.nix | |
parent | de5b3dd17034e6106e75746e81618e5bd408de8a (diff) |
pass-secret-service: unstable-2020-04-12 -> unstable-2022-03-21
* Update to the latest upstream version of pass-secret-service that includes systemd service files. * Add patch to fix use of a function that has been removed from the Python Cryptography library in NixOS 22.05 * Install systemd service files in the Nix package. * Add NixOS test to ensure the D-Bus API activates the service unit. * Add myself as a maintainer to the package and NixOS test. * Use checkTarget instead of equivalent custom checkPhase.
Diffstat (limited to 'nixos/tests/pass-secret-service.nix')
-rw-r--r-- | nixos/tests/pass-secret-service.nix | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/nixos/tests/pass-secret-service.nix b/nixos/tests/pass-secret-service.nix
new file mode 100644
index 0000000000000..a85a508bfe16b
--- /dev/null
+++ b/nixos/tests/pass-secret-service.nix
@@ -0,0 +1,69 @@
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
+ name = "pass-secret-service";
+ meta.maintainers = with lib; [ aidalgol ];
+
+ nodes.machine = { nodes, pkgs, ... }:
+ {
+ imports = [ ./common/user-account.nix ];
+
+ services.passSecretService.enable = true;
+
+ environment.systemPackages = [
+ # Create a script that tries to make a request to the D-Bus secrets API.
+ (pkgs.writers.writePython3Bin "secrets-dbus-init"
+ {
+ libraries = [ pkgs.python3Packages.secretstorage ];
+ } ''
+ import secretstorage
+ print("Initializing dbus connection...")
+ connection = secretstorage.dbus_init()
+ print("Requesting default collection...")
+ collection = secretstorage.get_default_collection(connection)
+ print("Done! dbus-org.freedesktop.secrets should now be active.")
+ '')
+ pkgs.pass
+ ];
+
+ programs.gnupg = {
+ agent.enable = true;
+ agent.pinentryFlavor = "tty";
+ dirmngr.enable = true;
+ };
+ };
+
+ # Some of the commands are run via a virtual console because they need to be
+ # run under a real login session, with D-Bus running in the environment.
+ testScript = { nodes, ... }:
+ let
+ user = nodes.machine.config.users.users.alice;
+ gpg-uid = "alice@example.net";
+ gpg-pw = "foobar9000";
+ ready-file = "/tmp/secrets-dbus-init.done";
+ in
+ ''
+ # Initialise the pass(1) storage.
+ machine.succeed("""
+ sudo -u alice gpg --pinentry-mode loopback --batch --passphrase ${gpg-pw} \
+ --quick-gen-key ${gpg-uid} \
+ """)
+ machine.succeed("sudo -u alice pass init ${gpg-uid}")
+
+ with subtest("Service is not running on login"):
+ machine.wait_until_tty_matches("1", "login: ")
+ machine.send_chars("alice\n")
+ machine.wait_until_tty_matches("1", "login: alice")
+ machine.wait_until_succeeds("pgrep login")
+ machine.wait_until_tty_matches("1", "Password: ")
+ machine.send_chars("${user.password}\n")
+ machine.wait_until_succeeds("pgrep -u alice bash")
+
+ _, output = machine.systemctl("status dbus-org.freedesktop.secrets --no-pager", "alice")
+ assert "Active: inactive (dead)" in output
+
+ with subtest("Service starts after a client tries to talk to the D-Bus API"):
+ machine.send_chars("secrets-dbus-init; touch ${ready-file}\n")
+ machine.wait_for_file("${ready-file}")
+ _, output = machine.systemctl("status dbus-org.freedesktop.secrets --no-pager", "alice")
+ assert "Active: active (running)" in output
+ '';
+}) |
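Review bot: In the second subtest, `secrets-dbus-init; touch ${ready-file}` creates the ready file even when the client script exits with an error, so the test only proves that the unit was activated, not that the Secret Service call succeeded. If `get_default_collection` raised after D-Bus activation had already started the service, the final `Active: active (running)` assertion could still pass; chaining with `secrets-dbus-init && touch ${ready-file}` would make a failing client surface as a `wait_for_file` timeout instead. Separately, `--passphrase ${gpg-pw}` in the key-generation step puts the passphrase on gpg's command line, which is acceptable for a throwaway key inside the test VM but worth marking with a comment such as `# Throwaway test key; never pass a real passphrase on the command line.` so the pattern is not copied. The trailing `\` after `--quick-gen-key ${gpg-uid}` continues onto a line that holds nothing and can be dropped.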