blob: e8ba41812a8f56a184c9c3d75b927a599222f3df (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
import ./make-test-python.nix ({ lib, pkgs, ... }:
let inherit (import ./ssh-keys.nix pkgs) snakeOilPrivateKey snakeOilPublicKey;
in {
name = "locate";
meta.maintainers = with pkgs.lib.maintainers; [ chkno ];
nodes = rec {
a = {
environment.systemPackages = with pkgs; [ sshfs ];
virtualisation.fileSystems = {
"/ssh" = {
device = "alice@b:/";
fsType = "fuse.sshfs";
options = [
"allow_other"
"IdentityFile=/privkey"
"noauto"
"StrictHostKeyChecking=no"
"UserKnownHostsFile=/dev/null"
];
};
};
services.locate = {
enable = true;
interval = "*:*:0/5";
};
};
b = {
services.openssh.enable = true;
users.users.alice = {
isNormalUser = true;
openssh.authorizedKeys.keys = [ snakeOilPublicKey ];
};
};
};
testScript = ''
start_all()
# Set up sshfs mount
a.succeed(
"(umask 077; cat ${snakeOilPrivateKey} > /privkey)"
)
b.succeed("touch /file-on-b-machine")
b.wait_for_open_port(22)
a.succeed("mkdir /ssh")
a.succeed("mount /ssh")
# Core locatedb functionality
a.succeed("touch /file-on-a-machine-1")
a.wait_for_file("/var/cache/locatedb")
a.wait_until_succeeds("locate file-on-a-machine-1")
# Wait for a second update to make sure we're using a locatedb from a run
# that began after the sshfs mount
a.succeed("touch /file-on-a-machine-2")
a.wait_until_succeeds("locate file-on-a-machine-2")
# We shouldn't be able to see files on the other machine
a.fail("locate file-on-b-machine")
'';
})
|
