pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / tests / mutable-users.nix
at master 2.7 kB view raw
1# Mutable users tests. 2 3{ pkgs, ... }: 4{ 5 name = "mutable-users"; 6 meta = with pkgs.lib.maintainers; { 7 maintainers = [ gleber ]; 8 }; 9 10 nodes = { 11 machine = { 12 specialisation.immutable.configuration = { 13 users.mutableUsers = false; 14 }; 15 16 specialisation.mutable.configuration = { 17 users.mutableUsers = true; 18 users.users.dry-test.isNormalUser = true; 19 }; 20 }; 21 }; 22 23 testScript = '' 24 machine.start() 25 machine.wait_for_unit("default.target") 26 27 # Machine starts in immutable mode. Add a user and test if reactivating 28 # configuration removes the user. 29 with subtest("Machine in immutable mode"): 30 assert "foobar" not in machine.succeed("cat /etc/passwd") 31 machine.succeed("sudo useradd foobar") 32 assert "foobar" in machine.succeed("cat /etc/passwd") 33 machine.succeed( 34 "/run/booted-system/specialisation/immutable/bin/switch-to-configuration test" 35 ) 36 assert "foobar" not in machine.succeed("cat /etc/passwd") 37 38 # In immutable mode passwd is not wrapped, while in mutable mode it is 39 # wrapped. 40 with subtest("Password is wrapped in mutable mode"): 41 assert "/run/current-system/" in machine.succeed("which passwd") 42 machine.succeed( 43 "/run/booted-system/specialisation/mutable/bin/switch-to-configuration test" 44 ) 45 assert "/run/wrappers/" in machine.succeed("which passwd") 46 47 with subtest("dry-activation does not change files"): 48 machine.succeed('test -e /home/dry-test') # home was created 49 machine.succeed('rm -rf /home/dry-test') 50 51 files_to_check = ['/etc/group', 52 '/etc/passwd', 53 '/etc/shadow', 54 '/etc/subuid', 55 '/etc/subgid', 56 '/var/lib/nixos/uid-map', 57 '/var/lib/nixos/gid-map', 58 '/var/lib/nixos/declarative-groups', 59 '/var/lib/nixos/declarative-users' 60 ] 61 expected_hashes = {} 62 expected_stats = {} 63 for file in files_to_check: 64 expected_hashes[file] = machine.succeed(f"sha256sum {file}") 65 expected_stats[file] = machine.succeed(f"stat {file}") 66 67 machine.succeed("/run/booted-system/specialisation/mutable/bin/switch-to-configuration dry-activate") 68 69 machine.fail('test -e /home/dry-test') # home was not recreated 70 for file in files_to_check: 71 assert machine.succeed(f"sha256sum {file}") == expected_hashes[file] 72 assert machine.succeed(f"stat {file}") == expected_stats[file] 73 ''; 74}