2017-11-12 19:18:10 +00:00
|
|
|
# Mutable users tests.
|
|
|
|
|
2019-12-15 18:53:17 +00:00
|
|
|
import ./make-test-python.nix ({ pkgs, ...} : {
|
2017-11-12 19:18:10 +00:00
|
|
|
name = "mutable-users";
|
2021-01-10 19:08:30 +00:00
|
|
|
meta = with pkgs.lib.maintainers; {
|
2017-11-12 19:18:10 +00:00
|
|
|
maintainers = [ gleber ];
|
|
|
|
};
|
|
|
|
|
|
|
|
nodes = {
|
2024-09-08 13:42:47 +01:00
|
|
|
machine = {
|
|
|
|
specialisation.immutable.configuration = {
|
|
|
|
users.mutableUsers = false;
|
|
|
|
};
|
|
|
|
|
|
|
|
specialisation.mutable.configuration = {
|
|
|
|
users.mutableUsers = true;
|
|
|
|
users.users.dry-test.isNormalUser = true;
|
|
|
|
};
|
2017-11-12 19:18:10 +00:00
|
|
|
};
|
|
|
|
};
|
|
|
|
|
2024-09-08 13:42:47 +01:00
|
|
|
testScript = ''
|
2019-12-15 18:53:17 +00:00
|
|
|
machine.start()
|
|
|
|
machine.wait_for_unit("default.target")
|
2017-11-12 19:18:10 +00:00
|
|
|
|
|
|
|
# Machine starts in immutable mode. Add a user and test if reactivating
|
|
|
|
# configuration removes the user.
|
2019-12-15 18:53:17 +00:00
|
|
|
with subtest("Machine in immutable mode"):
|
|
|
|
assert "foobar" not in machine.succeed("cat /etc/passwd")
|
|
|
|
machine.succeed("sudo useradd foobar")
|
|
|
|
assert "foobar" in machine.succeed("cat /etc/passwd")
|
|
|
|
machine.succeed(
|
2024-09-08 13:42:47 +01:00
|
|
|
"/run/booted-system/specialisation/immutable/bin/switch-to-configuration test"
|
2019-12-15 18:53:17 +00:00
|
|
|
)
|
|
|
|
assert "foobar" not in machine.succeed("cat /etc/passwd")
|
2017-11-12 19:18:10 +00:00
|
|
|
|
|
|
|
# In immutable mode passwd is not wrapped, while in mutable mode it is
|
|
|
|
# wrapped.
|
2019-12-15 18:53:17 +00:00
|
|
|
with subtest("Password is wrapped in mutable mode"):
|
|
|
|
assert "/run/current-system/" in machine.succeed("which passwd")
|
|
|
|
machine.succeed(
|
2024-09-08 13:42:47 +01:00
|
|
|
"/run/booted-system/specialisation/mutable/bin/switch-to-configuration test"
|
2019-12-15 18:53:17 +00:00
|
|
|
)
|
|
|
|
assert "/run/wrappers/" in machine.succeed("which passwd")
|
2021-09-03 16:21:36 +01:00
|
|
|
|
|
|
|
with subtest("dry-activation does not change files"):
|
|
|
|
machine.succeed('test -e /home/dry-test') # home was created
|
|
|
|
machine.succeed('rm -rf /home/dry-test')
|
|
|
|
|
|
|
|
files_to_check = ['/etc/group',
|
|
|
|
'/etc/passwd',
|
|
|
|
'/etc/shadow',
|
|
|
|
'/etc/subuid',
|
|
|
|
'/etc/subgid',
|
|
|
|
'/var/lib/nixos/uid-map',
|
|
|
|
'/var/lib/nixos/gid-map',
|
|
|
|
'/var/lib/nixos/declarative-groups',
|
|
|
|
'/var/lib/nixos/declarative-users'
|
|
|
|
]
|
|
|
|
expected_hashes = {}
|
|
|
|
expected_stats = {}
|
|
|
|
for file in files_to_check:
|
|
|
|
expected_hashes[file] = machine.succeed(f"sha256sum {file}")
|
|
|
|
expected_stats[file] = machine.succeed(f"stat {file}")
|
|
|
|
|
2024-09-08 13:42:47 +01:00
|
|
|
machine.succeed("/run/booted-system/specialisation/mutable/bin/switch-to-configuration dry-activate")
|
2021-09-03 16:21:36 +01:00
|
|
|
|
|
|
|
machine.fail('test -e /home/dry-test') # home was not recreated
|
|
|
|
for file in files_to_check:
|
|
|
|
assert machine.succeed(f"sha256sum {file}") == expected_hashes[file]
|
|
|
|
assert machine.succeed(f"stat {file}") == expected_stats[file]
|
2017-11-12 19:18:10 +00:00
|
|
|
'';
|
|
|
|
})
|