diff options
author | Luflosi <luflosi@luflosi.de> | 2023-04-14 02:26:32 +0200 |
---|---|---|
committer | Luflosi <luflosi@luflosi.de> | 2023-04-15 15:24:58 +0200 |
commit | 929a00bd84acbf35447d3df1066b1c8afd7ac82d (patch) | |
tree | 5c1324eb2ca1abb67a8217545566851dd4d8bf93 /nixos/tests | |
parent | 409df93c01854b70606720a50da9bca283e8164e (diff) |
nixos/kubo: give normal users access to the daemon by default
Fixes https://github.com/NixOS/nixpkgs/issues/223289. This doesn't reduce the security in any way since it was already possible for normal users to do what I do here and create such a fake repo for themselves and set their $IPFS_PATH variable to it. It was and still is also possible to just use the --api CLI option. This change just removes the manual setup that would otherwise be required. We wouldn't need this workaround if https://github.com/ipfs/kubo/pull/9366 was merged but the fix seems to have been ignored upstream. Patching it ourselves seems like a bad idea since the patch has security implications.
Diffstat (limited to 'nixos/tests')
-rw-r--r-- | nixos/tests/kubo.nix | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/nixos/tests/kubo.nix b/nixos/tests/kubo.nix index e0bd918150ac5..dfe653b5d2717 100644 --- a/nixos/tests/kubo.nix +++ b/nixos/tests/kubo.nix @@ -12,6 +12,9 @@ settings.Addresses.API = "/ip4/127.0.0.1/tcp/2324"; dataDir = "/mnt/ipfs"; }; + users.users.alice = { + isNormalUser = true; + }; }; nodes.fuse = { ... }: { @@ -25,6 +28,14 @@ testScript = '' start_all() + with subtest("Automatic socket activation"): + ipfs_hash = machine.succeed( + "echo fnord0 | su alice -l -c 'ipfs add --quieter'" + ) + machine.succeed(f"ipfs cat /ipfs/{ipfs_hash.strip()} | grep fnord0") + + machine.stop_job("ipfs") + with subtest("IPv4 socket activation"): machine.succeed("ipfs --api /ip4/127.0.0.1/tcp/2324 id") ipfs_hash = machine.succeed( @@ -51,7 +62,7 @@ # See https://github.com/ipfs/kubo/issues/9044. # Workaround: using CID Version 1 avoids that. ipfs_hash = fuse.succeed( - "echo fnord3 | ipfs --api /ip4/127.0.0.1/tcp/2324 add --quieter --cid-version=1" + "echo fnord3 | ipfs add --quieter --cid-version=1" ).strip() fuse.succeed(f"cat /ipfs/{ipfs_hash} | grep fnord3") |