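# NixOS VM test: an fscrypt-encrypted home directory is unlocked by PAM at
# login and locked again at logout (security.pam.enableFscrypt).
import ./make-test-python.nix (
  { ... }:
  {
    name = "fscrypt";

    nodes.machine =
      { pkgs, ... }:
      {
        imports = [ ./common/user-account.nix ];
        # Option under test: wires fscrypt into the PAM stack.
        security.pam.enableFscrypt = true;
      };

    testScript = ''
      def login_as_alice():
          """Log in as alice on tty1 and wait for her shell prompt."""
          machine.wait_until_tty_matches("1", "login: ")
          machine.send_chars("alice\n")
          machine.wait_until_tty_matches("1", "Password: ")
          machine.send_chars("foobar\n")
          # The pattern is a regex; "@" needs no escaping, and "\@" is an
          # invalid escape sequence in a Python string literal.
          machine.wait_until_tty_matches("1", "alice@machine")


      def logout():
          """Leave alice's tty1 session and wait for the login prompt."""
          machine.send_chars("logout\n")
          machine.wait_until_tty_matches("1", "login: ")


      machine.wait_for_unit("default.target")

      with subtest("Enable fscrypt on filesystem"):
          machine.succeed("tune2fs -O encrypt /dev/vda")
          # --time=1ms sets the passphrase-hashing time target to almost
          # nothing so the test runs fast. Test-only: a real deployment
          # should keep a meaningful hashing cost.
          machine.succeed("fscrypt setup --quiet --force --time=1ms")

      with subtest("Set up alice with an fscrypt-enabled home directory"):
          # Throwaway credential piped on the command line; acceptable only
          # inside a disposable test VM.
          machine.succeed("(echo foobar; echo foobar) | passwd alice")
          # OWNER:GROUP is the POSIX separator; the OWNER.GROUP form is
          # deprecated and ambiguous when a user name contains a dot.
          machine.succeed("chown -R alice:users ~alice")
          # The protector is alice's login passphrase (pam_passphrase), and
          # --skip-unlock leaves the directory locked, so the first unlock
          # below has to come from PAM at login.
          machine.succeed("echo foobar | fscrypt encrypt --skip-unlock --source=pam_passphrase --user=alice /home/alice")

      with subtest("Create file as alice"):
          login_as_alice()
          # Written by the test driver's shell while alice's session keeps
          # the directory unlocked.
          machine.succeed("echo hello > /home/alice/world")
          logout()
          # Wait for logout to be processed
          # NOTE(review): a fixed delay; if locking takes longer, the next
          # subtest fails. Polling (e.g. wait_until_fails) would avoid that.
          machine.sleep(1)

      with subtest("File should not be readable without being logged in as alice"):
          # Run from the test driver's shell, not from alice's session: once
          # the directory is locked, the plaintext path must not be readable.
          # Any cat failure satisfies this assertion.
          machine.fail("cat /home/alice/world")

      with subtest("File should be readable again as alice"):
          login_as_alice()
          machine.succeed("cat /home/alice/world")
          logout()
    '';
  }
)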