diff options
| author | Guillaume Maudoux <guillaume.maudoux@tweag.io> | 2023-05-22 23:39:31 +0200 |
|---|---|---|
| committer | Guillaume Maudoux <guillaume.maudoux@tweag.io> | 2023-05-22 23:39:31 +0200 |
| commit | b9c2f834ee37c76fcb21bc5dbcd60bb58a229194 (patch) | |
| tree | 88bb73530ec0226dc3beb243accc337593efcd4e /tests/linux-sandbox.sh | |
| parent | 494a09c6dfd8bf625d38dc0f77e1af0e2e6ba686 (diff) | |
Check exact error codes in linux-sandbox.sh
Diffstat (limited to 'tests/linux-sandbox.sh')
| -rw-r--r-- | tests/linux-sandbox.sh | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/tests/linux-sandbox.sh b/tests/linux-sandbox.sh index 45f0ce7a4..5c4e0cae9 100644 --- a/tests/linux-sandbox.sh +++ b/tests/linux-sandbox.sh @@ -34,19 +34,23 @@ nix-build dependencies.nix --no-out-link --check --sandbox-paths /nix/store # Test that sandboxed builds with --check and -K can move .check directory to store nix-build check.nix -A nondeterministic --sandbox-paths /nix/store --no-out-link -(! nix-build check.nix -A nondeterministic --sandbox-paths /nix/store --no-out-link --check -K 2> $TEST_ROOT/log) -if grepQuiet 'error: renaming' $TEST_ROOT/log; then false; fi -grepQuiet 'may not be deterministic' $TEST_ROOT/log +expectStderr 104 nix-build check.nix -A nondeterministic --sandbox-paths /nix/store --no-out-link --check -K \ + | tee >( grepQuietInverse 'error: renaming' ) \ + | grepQuiet 'may not be deterministic' # Test that sandboxed builds cannot write to /etc easily -(! nix-build -E 'with import ./config.nix; mkDerivation { name = "etc-write"; buildCommand = "echo > /etc/test"; }' --no-out-link --sandbox-paths /nix/store) +expect 100 nix-build -E 'with import ./config.nix; mkDerivation { name = "etc-write"; buildCommand = "echo > /etc/test"; }' --no-out-link --sandbox-paths /nix/store ## Test mounting of SSL certificates into the sandbox testCert () { - (! nix-build linux-sandbox-cert-test.nix --argstr fixed-output "$2" --no-out-link --sandbox-paths /nix/store --option ssl-cert-file "$3" 2> $TEST_ROOT/log) - cat $TEST_ROOT/log - grepQuiet "CERT_${1}_IN_SANDBOX" $TEST_ROOT/log + expectation=$1 # "missing" | "present" + mode=$2 # "normal" | "fixed-output" + certFile=$3 # a string that can be the path to a cert file + [ "$mode" == fixed-output ] && ret=1 || ret=100 + expectStderr $ret nix-build linux-sandbox-cert-test.nix --argstr mode "$mode" --no-out-link --sandbox-paths /nix/store --option ssl-cert-file "$certFile" | \ + # tee /dev/stderr | \ + grepQuiet "CERT_${expectation}_IN_SANDBOX" } nocert=$TEST_ROOT/no-cert-file.pem |