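# NixOS VM test for systemd-homed.
#
# Covers, in order: a classic (non-homed) user can still log in once homed is
# enabled; a LUKS-backed homed user can be created and can log in; a password
# change takes effect (the old password is rejected, the new one accepted);
# and the homed user is reported as a member of wheel.
import ./make-test-python.nix (
  { pkgs, lib, ... }:
  let
    # Throwaway fixture credentials. They are interpolated as plain text into
    # the VM configuration and the test script below, so they must never be
    # reused outside this test.
    password = "foobarfoo";
    newPass = "barfoobar";
  in
  {
    name = "systemd-homed";
    nodes.machine =
      { config, pkgs, ... }:
      {
        services.homed.enable = true;

        users.users.test-normal-user = {
          extraGroups = [ "wheel" ];
          isNormalUser = true;
          # initialPassword is kept in clear text in the world-readable Nix
          # store; acceptable for a test fixture only.
          initialPassword = password;
        };
      };
    testScript = ''
      def switchTTY(number):
          """Switch the VM console to tty<number> and wait for its login getty.

          Sends alt-f<number>, then waits until fgconsole reports that tty,
          getty@tty<number>.service is up, and an agetty process exists for it.
          """
          machine.send_key(f"alt-f{number}")
          machine.wait_until_succeeds(f"[ $(fgconsole) = {number} ]")
          machine.wait_for_unit(f"getty@tty{number}.service")
          machine.wait_until_succeeds(f"pgrep -f 'agetty.*tty{number}'")

      machine.wait_for_unit("multi-user.target")

      # Smoke test to make sure the pam changes didn't break regular users.
      machine.wait_until_succeeds("pgrep -f 'agetty.*tty1'")
      with subtest("login as regular user"):
          switchTTY(2)
          machine.wait_until_tty_matches("2", "login: ")
          machine.send_chars("test-normal-user\n")
          machine.wait_until_tty_matches("2", "login: test-normal-user")
          machine.wait_until_tty_matches("2", "Password: ")
          machine.send_chars("${password}\n")
          machine.wait_until_succeeds("pgrep -u test-normal-user bash")
          machine.send_chars("whoami > /tmp/1\n")
          machine.wait_for_file("/tmp/1")
          assert "test-normal-user" in machine.succeed("cat /tmp/1")

      with subtest("create homed encrypted user"):
          # TODO: Figure out how to pass password manually.
          #
          # This environment variable is used for homed internal testing
          # and is not documented.
          #
          # The password is embedded in the command string sent to the VM,
          # which is tolerable only because it is a fixture value.
          machine.succeed("NEWPASSWORD=${password} homectl create --shell=/run/current-system/sw/bin/bash --storage=luks -G wheel test-homed-user")

      with subtest("login as homed user"):
          switchTTY(3)
          machine.wait_until_tty_matches("3", "login: ")
          machine.send_chars("test-homed-user\n")
          machine.wait_until_tty_matches("3", "login: test-homed-user")
          machine.wait_until_tty_matches("3", "Password: ")
          machine.send_chars("${password}\n")
          machine.wait_until_succeeds("pgrep -t tty3 -u test-homed-user bash")
          machine.send_chars("whoami > /tmp/2\n")
          machine.wait_for_file("/tmp/2")
          assert "test-homed-user" in machine.succeed("cat /tmp/2")

      with subtest("change homed user password"):
          switchTTY(4)
          machine.wait_until_tty_matches("4", "login: ")
          machine.send_chars("test-homed-user\n")
          machine.wait_until_tty_matches("4", "login: test-homed-user")
          machine.wait_until_tty_matches("4", "Password: ")
          machine.send_chars("${password}\n")
          machine.wait_until_succeeds("pgrep -t tty4 -u test-homed-user bash")
          machine.send_chars("passwd\n")
          # homed does it in a weird order, it asks for new passes, then it asks
          # for the old one.
          # The prompts are not matched on screen; the fixed sleeps stand in
          # for waiting on them.
          machine.sleep(2)
          machine.send_chars("${newPass}\n")
          machine.sleep(2)
          machine.send_chars("${newPass}\n")
          machine.sleep(4)
          machine.send_chars("${password}\n")
          machine.wait_until_fails("pgrep -t tty4 passwd")

          # Negative check: while the waits inside the with block below are
          # retrying, no bash may appear on tty5, i.e. the old password must
          # not open a session.
          @polling_condition
          def not_logged_in_tty5():
              machine.fail("pgrep -t tty5 bash")

          switchTTY(5)
          with not_logged_in_tty5: # type: ignore[union-attr]
              machine.wait_until_tty_matches("5", "login: ")
              machine.send_chars("test-homed-user\n")
              machine.wait_until_tty_matches("5", "login: test-homed-user")
              machine.wait_until_tty_matches("5", "Password: ")
              machine.send_chars("${password}\n")
              machine.wait_until_tty_matches("5", "Password incorrect or not sufficient for authentication of user test-homed-user.")
              machine.wait_until_tty_matches("5", "Sorry, try again: ")
          # From here on a shell on tty5 is expected, so these steps run
          # outside the polling condition.
          machine.send_chars("${newPass}\n")
          # Wait for the session shell before typing, as the tty3 and tty4
          # logins do; this also confirms that the new password opened a
          # session for the right user on tty5.
          machine.wait_until_succeeds("pgrep -t tty5 -u test-homed-user bash")
          machine.send_chars("whoami > /tmp/4\n")
          machine.wait_for_file("/tmp/4")
          assert "test-homed-user" in machine.succeed("cat /tmp/4")

      with subtest("homed user should be in wheel according to NSS"):
          # The membership requested with -G wheel at creation must be visible
          # when userdbctl queries the NameServiceSwitch service.
          machine.succeed("userdbctl group wheel -s io.systemd.NameServiceSwitch | grep test-homed-user")
    '';
  }
)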