dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions2 Packages Projects Releases Wiki Activity

Merge pull request from SuperSandro2000/acme-check-account-hash

Browse Source 
tests/acme: check consistent account hash
This commit is contained in:
Martin Weinelt 2024-06-07 23:57:20 +02:00 committed by GitHub
commit 121ba21838
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 2 deletions

8
nixos/tests/acme.nix
View File

@ -392,8 +392,6 @@ in {
testScript = { nodes, ... }: testScript = { nodes, ... }:
let let
caDomain = nodes.acme.test-support.acme.caDomain; caDomain = nodes.acme.test-support.acme.caDomain;
newServerSystem = nodes.webserver.config.system.build.toplevel;
switchToNewServer = "${newServerSystem}/bin/switch-to-configuration test";
in in
# Note, wait_for_unit does not work for oneshot services that do not have RemainAfterExit=true, # Note, wait_for_unit does not work for oneshot services that do not have RemainAfterExit=true,
# this is because a oneshot goes from inactive => activating => inactive, and never # this is because a oneshot goes from inactive => activating => inactive, and never
@ -545,6 +543,12 @@ in {
check_fullchain(webserver, "http.example.test") check_fullchain(webserver, "http.example.test")
check_issuer(webserver, "http.example.test", "pebble") check_issuer(webserver, "http.example.test", "pebble")
# Perform account hash test
with subtest("Assert that account hash didn't unexpected change"):
hash = webserver.succeed("ls /var/lib/acme/.lego/accounts/")
print("Account hash: " + hash)
assert hash.strip() == "d590213ed52603e9128d"
# Perform renewal test # Perform renewal test
with subtest("Can renew certificates when they expire"): with subtest("Can renew certificates when they expire"):
hash = webserver.succeed("sha256sum /var/lib/acme/http.example.test/cert.pem") hash = webserver.succeed("sha256sum /var/lib/acme/http.example.test/cert.pem")