Merge pull request #286999 from SuperSandro2000/acme-check-account-hash

tests/acme: check consistent account hash
2024-06-07 23:57:20 +02:00 · 2024-06-07 23:57:20 +02:00 · 121ba21838
commit 121ba21838
parent dc231ceabb f97594c700
1 changed files with 6 additions and 2 deletions
--- a/nixos/tests/acme.nix
+++ b/nixos/tests/acme.nix
@ -392,8 +392,6 @@ in {
  testScript = { nodes, ... }:
    let
      caDomain = nodes.acme.test-support.acme.caDomain;
-      newServerSystem = nodes.webserver.config.system.build.toplevel;
-      switchToNewServer = "${newServerSystem}/bin/switch-to-configuration test";
    in
    # Note, wait_for_unit does not work for oneshot services that do not have RemainAfterExit=true,
    # this is because a oneshot goes from inactive => activating => inactive, and never
@ -545,6 +543,12 @@ in {
          check_fullchain(webserver, "http.example.test")
          check_issuer(webserver, "http.example.test", "pebble")

+      # Perform account hash test
+      with subtest("Assert that account hash didn't unexpected change"):
+          hash = webserver.succeed("ls /var/lib/acme/.lego/accounts/")
+          print("Account hash: " + hash)
+          assert hash.strip() == "d590213ed52603e9128d"
+
      # Perform renewal test
      with subtest("Can renew certificates when they expire"):
          hash = webserver.succeed("sha256sum /var/lib/acme/http.example.test/cert.pem")