nixos/tests/mutable-users.nix at 23.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / mutable-users.nix
at 23.11-pre 2.7 kB view raw
 1# Mutable users tests.
 2
 3import ./make-test-python.nix ({ pkgs, ...} : {
 4  name = "mutable-users";
 5  meta = with pkgs.lib.maintainers; {
 6    maintainers = [ gleber ];
 7  };
 8
 9  nodes = {
10    machine = { ... }: {
11      users.mutableUsers = false;
12    };
13    mutable = { ... }: {
14      users.mutableUsers = true;
15      users.users.dry-test.isNormalUser = true;
16    };
17  };
18
19  testScript = {nodes, ...}: let
20    immutableSystem = nodes.machine.config.system.build.toplevel;
21    mutableSystem = nodes.mutable.config.system.build.toplevel;
22  in ''
23    machine.start()
24    machine.wait_for_unit("default.target")
25
26    # Machine starts in immutable mode. Add a user and test if reactivating
27    # configuration removes the user.
28    with subtest("Machine in immutable mode"):
29        assert "foobar" not in machine.succeed("cat /etc/passwd")
30        machine.succeed("sudo useradd foobar")
31        assert "foobar" in machine.succeed("cat /etc/passwd")
32        machine.succeed(
33            "${immutableSystem}/bin/switch-to-configuration test"
34        )
35        assert "foobar" not in machine.succeed("cat /etc/passwd")
36
37    # In immutable mode passwd is not wrapped, while in mutable mode it is
38    # wrapped.
39    with subtest("Password is wrapped in mutable mode"):
40        assert "/run/current-system/" in machine.succeed("which passwd")
41        machine.succeed(
42            "${mutableSystem}/bin/switch-to-configuration test"
43        )
44        assert "/run/wrappers/" in machine.succeed("which passwd")
45
46    with subtest("dry-activation does not change files"):
47        machine.succeed('test -e /home/dry-test')  # home was created
48        machine.succeed('rm -rf /home/dry-test')
49
50        files_to_check = ['/etc/group',
51                          '/etc/passwd',
52                          '/etc/shadow',
53                          '/etc/subuid',
54                          '/etc/subgid',
55                          '/var/lib/nixos/uid-map',
56                          '/var/lib/nixos/gid-map',
57                          '/var/lib/nixos/declarative-groups',
58                          '/var/lib/nixos/declarative-users'
59                         ]
60        expected_hashes = {}
61        expected_stats = {}
62        for file in files_to_check:
63            expected_hashes[file] = machine.succeed(f"sha256sum {file}")
64            expected_stats[file] = machine.succeed(f"stat {file}")
65
66        machine.succeed("/run/current-system/bin/switch-to-configuration dry-activate")
67
68        machine.fail('test -e /home/dry-test')  # home was not recreated
69        for file in files_to_check:
70            assert machine.succeed(f"sha256sum {file}") == expected_hashes[file]
71            assert machine.succeed(f"stat {file}") == expected_stats[file]
72  '';
73})