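# NixOS VM test for the pam_fscrypt integration: alice's home directory is
# encrypted with her login passphrase as the protector, and the test checks
# that a file she wrote is readable only while she has a login session.
{ ... }:
{
  name = "fscrypt";

  nodes.machine =
    { pkgs, ... }:
    {
      imports = [ ./common/user-account.nix ];
      # Hooks fscrypt into PAM. The subtests below rely on login unlocking
      # the directory and logout locking it again.
      security.pam.enableFscrypt = true;
    };

  testScript = ''
    # The password "foobar" used throughout is a throwaway credential for this
    # disposable test VM; it doubles as the fscrypt passphrase because the
    # protector source is pam_passphrase.


    def login_as_alice():
        """Log in as alice on tty1 by typing her name and password."""
        machine.wait_until_tty_matches("1", "login: ")
        machine.send_chars("alice\n")
        machine.wait_until_tty_matches("1", "Password: ")
        machine.send_chars("foobar\n")
        # A plain "@" is enough here: the former "\@" is not a valid Python
        # escape sequence and triggers a warning on current interpreters.
        machine.wait_until_tty_matches("1", "alice@machine")


    def logout():
        """End the tty1 session and wait for the login prompt to return."""
        machine.send_chars("logout\n")
        machine.wait_until_tty_matches("1", "login: ")


    machine.wait_for_unit("default.target")

    with subtest("Enable fscrypt on filesystem"):
        # /dev/vda is presumably the root disk of the test VM; confirm if the
        # disk layout of the test changes.
        machine.succeed("tune2fs -O encrypt /dev/vda")
        # --time=1ms makes passphrase hashing cheap so the test runs fast.
        # That is a test-only setting: it removes the brute-force cost the
        # hashing is meant to add and must not be copied to a real system.
        machine.succeed("fscrypt setup --quiet --force --time=1ms")

    with subtest("Set up alice with an fscrypt-enabled home directory"):
        machine.succeed("(echo foobar; echo foobar) | passwd alice")
        # "alice:users" replaces the deprecated "alice.users" separator, which
        # newer coreutils versions warn about.
        machine.succeed("chown -R alice:users ~alice")
        # --skip-unlock leaves the directory locked after setup, so the first
        # unlock has to come from the PAM login below.
        machine.succeed("echo foobar | fscrypt encrypt --skip-unlock --source=pam_passphrase --user=alice /home/alice")

    with subtest("Create file as alice"):
        login_as_alice()
        machine.succeed("echo hello > /home/alice/world")
        logout()
        # Wait for logout to be processed.
        # NOTE(review): this is a fixed one-second delay. If closing the
        # session takes longer, the next subtest still sees an unlocked
        # directory and fails spuriously.
        machine.sleep(1)

    with subtest("File should not be readable without being logged in as alice"):
        # machine.fail runs outside alice's session (the test driver shell,
        # which is root in NixOS VM tests), so this asserts that the plaintext
        # is unavailable even to a privileged user once alice has logged out.
        # It does not cover access while alice is logged in.
        machine.fail("cat /home/alice/world")

    with subtest("File should be readable again as alice"):
        login_as_alice()
        machine.succeed("cat /home/alice/world")
        logout()
  '';
}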