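# NixOS VM test for services.passSecretService.
#
# The test checks D-Bus activation of the Secret Service backend for user
# alice: the dbus-org.freedesktop.secrets user unit must be inactive right
# after login and must be running once a client has called the D-Bus API.
import ./make-test-python.nix ({ pkgs, lib, ... }: {
  name = "pass-secret-service";
  # Maintainer handles are attributes of lib.maintainers, not of lib itself,
  # so the `with` has to open that set for `aidalgol` to resolve when
  # meta.maintainers is evaluated.
  meta.maintainers = with lib.maintainers; [ aidalgol ];

  nodes.machine = { nodes, pkgs, ... }:
    {
      # The test script below logs in as alice and reads her password from
      # the node configuration; presumably this import defines that account
      # (verify against ./common/user-account.nix).
      imports = [ ./common/user-account.nix ];

      services.passSecretService.enable = true;

      environment.systemPackages = [
        # Create a script that tries to make a request to the D-Bus secrets API.
        # It only opens a connection and asks for the default collection; no
        # secret is stored or read.
        (pkgs.writers.writePython3Bin "secrets-dbus-init"
          {
            libraries = [ pkgs.python3Packages.secretstorage ];
          } ''
          import secretstorage
          print("Initializing dbus connection...")
          connection = secretstorage.dbus_init()
          print("Requesting default collection...")
          collection = secretstorage.get_default_collection(connection)
          print("Done! dbus-org.freedesktop.secrets should now be active.")
        '')
        pkgs.pass
      ];

      # gpg-agent with a tty pinentry, matching the console-only login that
      # the test script performs.
      programs.gnupg = {
        agent.enable = true;
        agent.pinentryFlavor = "tty";
        dirmngr.enable = true;
      };
    };

  # Some of the commands are run via a virtual console because they need to be
  # run under a real login session, with D-Bus running in the environment.
  testScript = { nodes, ... }:
    let
      # Account attributes of alice as evaluated for the test machine; only
      # the password is used, to type it at the login prompt.
      user = nodes.machine.config.users.users.alice;
      gpg-uid = "alice@example.net";
      # Throwaway passphrase for the test key. It is interpolated into the
      # test script (so it is stored in the Nix store) and passed on gpg's
      # command line (so it is visible in the process list). That is fine for
      # a disposable test VM only; outside a test, hand the passphrase to gpg
      # through --passphrase-fd or --passphrase-file instead.
      gpg-pw = "foobar9000";
      # Marker file touched on the console once the client command returned.
      ready-file = "/tmp/secrets-dbus-init.done";
    in
    ''
      # Initialise the pass(1) storage.
      # Loopback pinentry plus --batch lets the key be generated unattended.
      machine.succeed("""
        sudo -u alice gpg --pinentry-mode loopback --batch --passphrase ${gpg-pw} \
        --quick-gen-key ${gpg-uid} \
      """)
      machine.succeed("sudo -u alice pass init ${gpg-uid}")

      with subtest("Service is not running on login"):
          # Log in on tty 1 by typing the credentials, so that the following
          # commands run inside a real user session.
          machine.wait_until_tty_matches("1", "login: ")
          machine.send_chars("alice\n")
          machine.wait_until_tty_matches("1", "login: alice")
          machine.wait_until_succeeds("pgrep login")
          machine.wait_until_tty_matches("1", "Password: ")
          machine.send_chars("${user.password}\n")
          machine.wait_until_succeeds("pgrep -u alice bash")

          # Nothing has contacted the secrets API yet, so the unit must not
          # have been started.
          _, output = machine.systemctl("status dbus-org.freedesktop.secrets --no-pager", "alice")
          assert "Active: inactive (dead)" in output

      with subtest("Service starts after a client tries to talk to the D-Bus API"):
          # `;` rather than `&&`: the ready file appears even if the client
          # fails, so the status assertion below decides the result instead of
          # a wait_for_file timeout.
          machine.send_chars("secrets-dbus-init; touch ${ready-file}\n")
          machine.wait_for_file("${ready-file}")
          _, output = machine.systemctl("status dbus-org.freedesktop.secrets --no-pager", "alice")
          assert "Active: active (running)" in output
    '';
})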