Allow to sign path as unprivileged user

User can now sign path as unprivileged/allowed user refs #1708
author: Jean-François Roche <jfroche@pyxel.be> 2023-06-27 12:01:08 +0200
committer: Jean-François Roche <jfroche@pyxel.be> 2023-06-27 18:31:31 +0200
commit: 80c9259756811c1165167db1bb66c1fef0accb65 (patch)
tree: cf05cfc40b5f61854ebd8fdb87d9154cee576b3c /tests/nixos/authorization.nix
parent: 8e770dac9f68162cfbb368e53f928df491babff3 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/tests/nixos/authorization.nix b/tests/nixos/authorization.nix
index 7e8744dd9..fdeae06ed 100644
--- a/tests/nixos/authorization.nix
+++ b/tests/nixos/authorization.nix
@@ -75,5 +75,20 @@
       su --login bob -c '(! nix-store --verify --repair 2>&1)' | tee diag 1>&2
       grep -F "you are not privileged to repair paths" diag
     """)
+
+    machine.succeed("""
+        set -x
+        su --login mallory -c '
+          nix-store --generate-binary-cache-key cache1.example.org sk1 pk1
+          (! nix store sign --key-file sk1 ${pathFour} 2>&1)' | tee diag 1>&2
+        grep -F "cannot open connection to remote store 'daemon'" diag
+    """)
+
+    machine.succeed("""
+        su --login bob -c '
+          nix-store --generate-binary-cache-key cache1.example.org sk1 pk1
+          nix store sign --key-file sk1 ${pathFour}
+        '
+    """)
   '';
 }
author	Jean-François Roche <jfroche@pyxel.be>	2023-06-27 12:01:08 +0200
committer	Jean-François Roche <jfroche@pyxel.be>	2023-06-27 18:31:31 +0200
commit	80c9259756811c1165167db1bb66c1fef0accb65 (patch)
tree	cf05cfc40b5f61854ebd8fdb87d9154cee576b3c /tests/nixos/authorization.nix
parent	8e770dac9f68162cfbb368e53f928df491babff3 (diff)