blob: 3af8e53779e3423b9f47546db97d1df9a67197ce (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
import ./make-test-python.nix ({ pkgs, lib, ... }:
let
inherit (import ./ssh-keys.nix pkgs) snakeOilPrivateKey snakeOilPublicKey;
xxh-shell-zsh = pkgs.stdenv.mkDerivation {
pname = "xxh-shell-zsh";
version = "";
src = pkgs.fetchFromGitHub {
owner = "xxh";
repo = "xxh-shell-zsh";
# gets rarely updated, we can then just replace the hash
rev = "91e1f84f8d6e0852c3235d4813f341230cac439f";
sha256 = "sha256-Y1FrIRxTd0yooK+ZzKcCd6bLSy5E2fRXYAzrIsm7rIc=";
};
postPatch = ''
substituteInPlace build.sh \
--replace "echo Install wget or curl" "cp ${zsh-portable-binary} zsh-5.8-linux-x86_64.tar.gz" \
--replace "command -v curl" "command -v this-should-not-trigger"
'';
installPhase = ''
mkdir -p $out
mv * $out/
'';
};
zsh-portable-binary = pkgs.fetchurl {
# kept in sync with https://github.com/xxh/xxh-shell-zsh/tree/master/build.sh#L27
url = "https://github.com/romkatv/zsh-bin/releases/download/v3.0.1/zsh-5.8-linux-x86_64.tar.gz";
sha256 = "sha256-i8flMd2Isc0uLoeYQNDnOGb/kK3oTFVqQgIx7aOAIIo=";
};
in
{
name = "xxh";
meta = with lib.maintainers; {
maintainers = [ lom ];
};
nodes = {
server = { ... }: {
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [ snakeOilPublicKey ];
};
client = { ... }: {
programs.zsh.enable = true;
users.users.root.shell = pkgs.zsh;
environment.systemPackages = with pkgs; [ xxh git ];
};
};
testScript = ''
start_all()
client.succeed("mkdir -m 700 /root/.ssh")
client.succeed(
"cat ${snakeOilPrivateKey} > /root/.ssh/id_ecdsa"
)
client.succeed("chmod 600 /root/.ssh/id_ecdsa")
server.wait_for_unit("sshd")
client.succeed("xxh server -i /root/.ssh/id_ecdsa +hc \'echo $0\' +i +s zsh +I xxh-shell-zsh+path+${xxh-shell-zsh} | grep -Fq '/root/.xxh/.xxh/shells/xxh-shell-zsh/build/zsh-bin/bin/zsh'")
'';
})
|