Commit graph

14 commits

Author SHA1 Message Date
John Ericson 30dcc19d1f Put functional tests in tests/functional
I think it is bad for these reasons when `tests/` contains a mix of
functional and integration tests

 - Concepts is harder to understand, the documentation makes a good
   unit vs functional vs integration distinction, but when the
   integration tests are just two subdirs within `tests/` this is not
   clear.

 - Source filtering in the `flake.nix` is more complex. We need to
   filter out some of the dirs from `tests/`, rather than simply pick
   the dirs we want and take all of them. This is a good sign the
   structure of what we are trying to do is not matching the structure
   of the files.

With this change we have a clean:
```shell-session
$ git show 'HEAD:tests'
tree HEAD:tests

functional/
installer/
nixos/
```

(cherry picked from commit 68c81c737571794f7246db53fb4774e94fcf4b7e)
2023-12-01 12:06:43 -05:00
Robert Hensing 9fc82de493 signing.sh: Revert test improvement because it fails on GHA + macOS 2023-07-07 15:37:09 +02:00
Robert Hensing fefb947132 tests/signing.sh: Check signature checking error message
We should check error messages, so that we know the command fails for
the right reason.
Alternatively, a mere typo can run the test undetected.
2023-06-30 18:23:44 +02:00
John Ericson a2a8cb10ac Dodge "trusted" vs "trustworthy" by being explicit
Hopefully this is best!
2022-09-22 14:37:52 -04:00
John Ericson 752f967c0f "valid signature" -> "trustworthy signature"
I just had a colleague get confused by the previous phrase for good
reason. "valid" sounds like an *objective* criterion, e.g. and *invalid
signature* would be one that would be trusted by no one, e.g. because it
misformatted or something.

What is actually going is that there might be a signature which is
perfectly valid to *someone else*, but not to the user, because they
don't trust the corresponding public key. This is a *subjective*
criterion, because it depends on the arbitrary and personal choice of
which public keys to trust.

I therefore think "trustworthy" is a better adjective to use. Whether
something is worthy of trust is clearly subjective, and then "trust"
within that word nicely evokes `trusted-public-keys` and friends.
2022-09-22 10:49:31 -04:00
Eelco Dolstra d33eca8539 Rename 'nix store sign-paths' to 'nix store sign' 2021-01-13 23:32:37 +01:00
Eelco Dolstra ea2062a2d9 Move most store-related commands to 'nix store' 2020-12-03 23:22:22 +01:00
Will Fancher b7091ce41e Add a test for signed content-addressed paths 2018-09-25 22:18:52 -04:00
Eelco Dolstra e3013543d3 Fix test 2017-12-07 01:07:07 +01:00
Eelco Dolstra 4fcf44825f
Add tests for verifying/copying content-addressed paths
These don't require signatures.
2017-11-20 19:11:02 +01:00
Eelco Dolstra 0c9718aabc
Add tests for signature checking when copying between local stores 2017-11-20 19:02:57 +01:00
Eelco Dolstra 7a2b64e55c
binary-cache-public-keys -> trusted-public-keys
The name had become a misnomer since it's not only for substitution
from binary caches, but when adding/copying any
(non-content-addressed) path to a store.
2017-11-20 17:32:34 +01:00
Eelco Dolstra ec5b04862b
nix sign-paths: Support binary caches 2017-11-14 18:44:05 +01:00
Eelco Dolstra d6dbda7004
Add tests for "nix verify", "nix sign-paths" etc. 2017-11-14 18:24:20 +01:00