picnoir/nix-gh
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add tests for verifying/copying content-addressed paths

Browse source 
These don't require signatures.
This commit is contained in:
Eelco Dolstra 2017-11-20 19:11:02 +01:00
parent 0c9718aabc
commit 4fcf44825f
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE
1 changed files with 14 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
tests/signing.sh
View file

@ -52,6 +52,16 @@ nix sign-paths --key-file $TEST_ROOT/sk1 $outPath2
nix verify -r $outPath2 --sigs-needed 1 --trusted-public-keys $pk1
# Build something content-addressed.
outPathCA=$(IMPURE_VAR1=foo IMPURE_VAR2=bar nix-build ./fixed.nix -A good.0)
[[ $(nix path-info --json $outPathCA) =~ '"ca":"fixed:md5:' ]]
# Content-addressed paths don't need signatures, so they verify
# regardless of --sigs-needed.
nix verify $outPathCA
nix verify $outPathCA --sigs-needed 1000
# Copy to a binary cache.
nix copy --to file://$cacheDir $outPath2
@ -73,7 +83,7 @@ rm -rf $TEST_ROOT/store0
(! nix copy --to $TEST_ROOT/store0 $outPath)
# But succeed if we supply the public keys.
(nix copy --to $TEST_ROOT/store0 $outPath --trusted-public-keys $pk1)
nix copy --to $TEST_ROOT/store0 $outPath --trusted-public-keys $pk1
expect 2 nix verify --store $TEST_ROOT/store0 -r $outPath
@ -86,3 +96,6 @@ nix copy --to $TEST_ROOT/store0?require-sigs=false $outPath2
# But signatures should still get copied.
nix verify --store $TEST_ROOT/store0 -r $outPath2 --trusted-public-keys $pk1
# Content-addressed stuff can be copied without signatures.
nix copy --to $TEST_ROOT/store0 $outPathCA