Merge remote-tracking branch 'origin/master' into best-effort-supplementary-groups

author: Ben Radford <benradf@users.noreply.github.com> 2023-07-11 09:38:34 +0100
committer: Ben Radford <benradf@users.noreply.github.com> 2023-07-11 09:38:34 +0100
commit: 25b20b4ad23d05d9a1e9daf105d33b7b68e4435b (patch)
tree: 18a5255ce272403ccfd34ab0aaad7135aed50a02 /tests/linux-sandbox-cert-test.nix
parent: 754ced4a3f6d3d8865ba78a2e503776d7bd6c04f (diff)
parent: 4a880c3cc085841a1537040405bc142fefffd7ff (diff)
1 files changed, 30 insertions, 0 deletions
diff --git a/tests/linux-sandbox-cert-test.nix b/tests/linux-sandbox-cert-test.nix
new file mode 100644
index 000000000..2fc083ea9
--- /dev/null
+++ b/tests/linux-sandbox-cert-test.nix
@@ -0,0 +1,30 @@
+{ mode }:
+
+with import ./config.nix;
+
+mkDerivation (
+  {
+    name = "ssl-export";
+    buildCommand = ''
+      # Add some indirection, otherwise grepping into the debug output finds the string.
+      report () { echo CERT_$1_IN_SANDBOX; }
+
+      if [ -f /etc/ssl/certs/ca-certificates.crt ]; then
+        content=$(</etc/ssl/certs/ca-certificates.crt)
+        if [ "$content" == CERT_CONTENT ]; then
+          report present
+        fi
+      else
+        report missing
+      fi
+
+      # Always fail, because we do not want to bother with fixed-output
+      # derivations being cached, and do not want to compute the right hash.
+      false;
+    '';
+  } // {
+    fixed-output = { outputHash = "sha256:0000000000000000000000000000000000000000000000000000000000000000"; };
+    normal = { };
+  }.${mode}
+)
+
author	Ben Radford <benradf@users.noreply.github.com>	2023-07-11 09:38:34 +0100
committer	Ben Radford <benradf@users.noreply.github.com>	2023-07-11 09:38:34 +0100
commit	25b20b4ad23d05d9a1e9daf105d33b7b68e4435b (patch)
tree	18a5255ce272403ccfd34ab0aaad7135aed50a02 /tests/linux-sandbox-cert-test.nix
parent	754ced4a3f6d3d8865ba78a2e503776d7bd6c04f (diff)
parent	4a880c3cc085841a1537040405bc142fefffd7ff (diff)