aboutsummaryrefslogtreecommitdiff
path: root/tests/build-remote-trustless-should-pass-3.sh
diff options
context:
space:
mode:
authorJohn Ericson <John.Ericson@Obsidian.Systems>2023-04-17 09:41:39 -0400
committerJohn Ericson <John.Ericson@Obsidian.Systems>2023-04-17 13:06:21 -0400
commitd41e1bed5e1e1f87927ca1e8e6e1c1ad18b1ea7f (patch)
tree3e7fa9e4e917fecab7840f9079d0f3b9244448a5 /tests/build-remote-trustless-should-pass-3.sh
parent3f9589f17e9e03aeb45b70f436c25227c728ba51 (diff)
Experimentally allow forcing `nix-daemon` trust; use this to test
We finally test the status quo of remote build trust in a number of ways. We create a new experimental feature on `nix-daemon` to do so. PR #3921, which improves the situation with trustless remote building, will build upon these changes. This code / tests was pull out of there to make this, so everything is easier to review, and in particular we test before and after so the new behavior in that PR is readily apparent from the testsuite diff alone.
Diffstat (limited to 'tests/build-remote-trustless-should-pass-3.sh')
-rw-r--r--tests/build-remote-trustless-should-pass-3.sh14
1 files changed, 14 insertions, 0 deletions
diff --git a/tests/build-remote-trustless-should-pass-3.sh b/tests/build-remote-trustless-should-pass-3.sh
new file mode 100644
index 000000000..40f81da5a
--- /dev/null
+++ b/tests/build-remote-trustless-should-pass-3.sh
@@ -0,0 +1,14 @@
+source common.sh
+
+enableFeatures "daemon-trust-override"
+
+restartDaemon
+
+# Remote doesn't trusts us, but this is fine because we are only
+# building (fixed) CA derivations.
+file=build-hook-ca-fixed.nix
+prog=$(readlink -e ./nix-daemon-untrusting.sh)
+proto=ssh-ng
+
+source build-remote-trustless.sh
+source build-remote-trustless-after.sh