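# NixOS VM test for fscrypt home-directory encryption unlocked through PAM.
# It checks that a file under alice's encrypted home is readable while alice
# has a login session and is not readable after she logs out.
import ./make-test-python.nix ({ ... }:
{
  name = "fscrypt";

  nodes.machine = { pkgs, ... }: {
    imports = [ ./common/user-account.nix ];
    # Hooks fscrypt into PAM so the login passphrase unlocks the directory.
    security.pam.enableFscrypt = true;
  };

  testScript = ''
    def login_as_alice():
        """Log alice in on tty1 with the fixture password and wait for her prompt."""
        machine.wait_until_tty_matches("1", "login: ")
        machine.send_chars("alice\n")
        machine.wait_until_tty_matches("1", "Password: ")
        machine.send_chars("foobar\n")
        machine.wait_until_tty_matches("1", "alice\@machine")


    def logout():
        """End the tty1 session and wait for the login prompt to return."""
        machine.send_chars("logout\n")
        machine.wait_until_tty_matches("1", "login: ")


    machine.wait_for_unit("default.target")

    with subtest("Enable fscrypt on filesystem"):
        machine.succeed("tune2fs -O encrypt /dev/vda")
        # --time=1ms keeps passphrase hashing cheap for the test VM only; it is
        # far below a sensible cost for a real deployment.
        machine.succeed("fscrypt setup --quiet --force --time=1ms")

    with subtest("Set up alice with an fscrypt-enabled home directory"):
        machine.succeed("(echo foobar; echo foobar) | passwd alice")
        # Use the ':' separator; the 'user.group' form is obsolescent and is
        # ambiguous for account names that contain a dot.
        machine.succeed("chown -R alice:users ~alice")
        # --skip-unlock leaves the directory locked after encryption, so the
        # first unlock has to come from the PAM login below.
        machine.succeed("echo foobar | fscrypt encrypt --skip-unlock --source=pam_passphrase --user=alice /home/alice")

    with subtest("Create file as alice"):
        login_as_alice()
        # NOTE(review): this runs through the test driver's shell rather than
        # alice's tty; it succeeds because her session has unlocked the directory.
        machine.succeed("echo hello > /home/alice/world")
        # Confirm the plaintext really landed, so the later failure to read it
        # can only be explained by the directory being locked.
        assert machine.succeed("cat /home/alice/world").strip() == "hello"
        logout()
        # Wait for logout to be processed (fixed delay; a slow VM could still
        # race with the session teardown that locks the directory).
        machine.sleep(1)

    with subtest("File should not be readable without being logged in as alice"):
        machine.fail("cat /home/alice/world")

    with subtest("File should be readable again as alice"):
        login_as_alice()
        # Check the content, not just the exit status, to prove the same file
        # is decrypted again after re-login.
        assert machine.succeed("cat /home/alice/world").strip() == "hello"
        logout()
  '';
})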