Check the signatures when copying store paths around

Broken atm
author: regnat <rg@regnat.ovh> 2021-03-08 16:43:11 +0100
committer: regnat <rg@regnat.ovh> 2021-03-15 16:35:14 +0100
commit: 54ced9072b94515a756e1e8e76c92a42f0ccf366 (patch)
tree: 9e4bd8613a73dc749b8b9f933d5ca216904e9cfe /tests/ca
parent: 3e6017f911127555cfbed71fe4a4df8f70d08bbb (diff)
1 files changed, 39 insertions, 0 deletions
diff --git a/tests/ca/signatures.sh b/tests/ca/signatures.sh
new file mode 100644
index 000000000..4b4e468f7
--- /dev/null
+++ b/tests/ca/signatures.sh
@@ -0,0 +1,39 @@
+source common.sh
+
+# Globally enable the ca derivations experimental flag
+sed -i 's/experimental-features = .*/& ca-derivations ca-references/' "$NIX_CONF_DIR/nix.conf"
+
+clearStore
+clearCache
+
+nix-store --generate-binary-cache-key cache1.example.org $TEST_ROOT/sk1 $TEST_ROOT/pk1
+pk1=$(cat $TEST_ROOT/pk1)
+
+export REMOTE_STORE_DIR="$TEST_ROOT/remote_store"
+export REMOTE_STORE="file://$REMOTE_STORE_DIR"
+
+ensureCorrectlyCopied () {
+    attrPath="$1"
+    nix build --store "$REMOTE_STORE" --file ./content-addressed.nix "$attrPath"
+}
+
+testOneCopy () {
+    clearStore
+    rm -rf "$REMOTE_STORE_DIR"
+
+    attrPath="$1"
+    nix copy --to $REMOTE_STORE "$attrPath" --file ./content-addressed.nix \
+        --secret-key-files "$TEST_ROOT/sk1"
+
+    ensureCorrectlyCopied "$attrPath"
+
+    # Ensure that we can copy back what we put in the store
+    clearStore
+    nix copy --from $REMOTE_STORE \
+        --file ./content-addressed.nix "$attrPath" \
+        --trusted-public-keys $pk1
+}
+
+for attrPath in rootCA dependentCA transitivelyDependentCA dependentNonCA dependentFixedOutput; do
+    testOneCopy "$attrPath"
+done
author	regnat <rg@regnat.ovh>	2021-03-08 16:43:11 +0100
committer	regnat <rg@regnat.ovh>	2021-03-15 16:35:14 +0100
commit	54ced9072b94515a756e1e8e76c92a42f0ccf366 (patch)
tree	9e4bd8613a73dc749b8b9f933d5ca216904e9cfe /tests/ca
parent	3e6017f911127555cfbed71fe4a4df8f70d08bbb (diff)