diff options
| author | John Ericson <John.Ericson@Obsidian.Systems> | 2023-05-08 10:43:37 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-05-08 10:43:37 -0400 |
| commit | b5d9ef0a4ce621a0f022bba7105d21d269e6455c (patch) | |
| tree | 2ea77bd15f2d513c2916fc0d4da887b0d107f23b /tests | |
| parent | cf8effdae25bac889533cff86d637512f4f74bf8 (diff) | |
| parent | df53a7d26868d7ce432e34e5d0c397886f7772f8 (diff) | |
Merge pull request #3921 from obsidiansystems/trustless-remote-builder-simple
Trustless remote building for input-addressed drvs
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/build-remote-trustless-should-fail-0.sh | 8 | ||||
| -rw-r--r-- | tests/build-remote-trustless-should-pass-2.sh | 13 | ||||
| -rw-r--r-- | tests/local.mk | 1 |
3 files changed, 18 insertions, 4 deletions
diff --git a/tests/build-remote-trustless-should-fail-0.sh b/tests/build-remote-trustless-should-fail-0.sh index 5e3d5ae07..fad1def59 100644 --- a/tests/build-remote-trustless-should-fail-0.sh +++ b/tests/build-remote-trustless-should-fail-0.sh @@ -17,13 +17,13 @@ nix-build build-hook.nix -A passthru.input2 \ --store "$TEST_ROOT/local" \ --option system-features bar -# Now when we go to build that downstream derivation, Nix will fail -# because we cannot trustlessly build input-addressed derivations with -# `inputDrv` dependencies. +# Now when we go to build that downstream derivation, Nix will try to +# copy our already-build `input2` to the remote store. That store object +# is input-addressed, so this will fail. file=build-hook.nix prog=$(readlink -e ./nix-daemon-untrusting.sh) proto=ssh-ng expectStderr 1 source build-remote-trustless.sh \ - | grepQuiet "you are not privileged to build input-addressed derivations" + | grepQuiet "cannot add path '[^ ]*' because it lacks a signature by a trusted key" diff --git a/tests/build-remote-trustless-should-pass-2.sh b/tests/build-remote-trustless-should-pass-2.sh new file mode 100644 index 000000000..b769a88f0 --- /dev/null +++ b/tests/build-remote-trustless-should-pass-2.sh @@ -0,0 +1,13 @@ +source common.sh + +enableFeatures "daemon-trust-override" + +restartDaemon + +# Remote doesn't trust us +file=build-hook.nix +prog=$(readlink -e ./nix-daemon-untrusting.sh) +proto=ssh-ng + +source build-remote-trustless.sh +source build-remote-trustless-after.sh diff --git a/tests/local.mk b/tests/local.mk index 7c3b42599..0910fcd91 100644 --- a/tests/local.mk +++ b/tests/local.mk @@ -72,6 +72,7 @@ nix_tests = \ build-remote-content-addressed-floating.sh \ build-remote-trustless-should-pass-0.sh \ build-remote-trustless-should-pass-1.sh \ + build-remote-trustless-should-pass-2.sh \ build-remote-trustless-should-pass-3.sh \ build-remote-trustless-should-fail-0.sh \ nar-access.sh \ |