about summary refs log tree commit diff
path: root/nixos/tests/xxh.nix
blob: 3af8e53779e3423b9f47546db97d1df9a67197ce (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
import ./make-test-python.nix ({ pkgs, lib, ... }:

  let
    inherit (import ./ssh-keys.nix pkgs) snakeOilPrivateKey snakeOilPublicKey;
    xxh-shell-zsh = pkgs.stdenv.mkDerivation {
      pname = "xxh-shell-zsh";
      version = "";
      src = pkgs.fetchFromGitHub {
        owner = "xxh";
        repo = "xxh-shell-zsh";
        # gets rarely updated, we can then just replace the hash
        rev = "91e1f84f8d6e0852c3235d4813f341230cac439f";
        sha256 = "sha256-Y1FrIRxTd0yooK+ZzKcCd6bLSy5E2fRXYAzrIsm7rIc=";
      };

      postPatch = ''
        substituteInPlace build.sh \
          --replace "echo Install wget or curl" "cp ${zsh-portable-binary} zsh-5.8-linux-x86_64.tar.gz" \
          --replace "command -v curl" "command -v this-should-not-trigger"
      '';

      installPhase = ''
        mkdir -p $out
        mv * $out/
      '';
    };

    zsh-portable-binary = pkgs.fetchurl {
      # kept in sync with https://github.com/xxh/xxh-shell-zsh/tree/master/build.sh#L27
      url = "https://github.com/romkatv/zsh-bin/releases/download/v3.0.1/zsh-5.8-linux-x86_64.tar.gz";
      sha256 = "sha256-i8flMd2Isc0uLoeYQNDnOGb/kK3oTFVqQgIx7aOAIIo=";
    };
  in
  {
    name = "xxh";
    meta = with lib.maintainers; {
      maintainers = [ lom ];
    };

    nodes = {
      server = { ... }: {
        services.openssh.enable = true;
        users.users.root.openssh.authorizedKeys.keys = [ snakeOilPublicKey ];
      };

      client = { ... }: {
        programs.zsh.enable = true;
        users.users.root.shell = pkgs.zsh;
        environment.systemPackages = with pkgs; [ xxh git ];
      };
    };

    testScript = ''
      start_all()

      client.succeed("mkdir -m 700 /root/.ssh")

      client.succeed(
         "cat ${snakeOilPrivateKey} > /root/.ssh/id_ecdsa"
      )
      client.succeed("chmod 600 /root/.ssh/id_ecdsa")

      server.wait_for_unit("sshd")

      client.succeed("xxh server -i /root/.ssh/id_ecdsa +hc \'echo $0\' +i +s zsh +I xxh-shell-zsh+path+${xxh-shell-zsh} | grep -Fq '/root/.xxh/.xxh/shells/xxh-shell-zsh/build/zsh-bin/bin/zsh'")
    '';
  })