tests: stop using OCR for nix copy tests

this is fragile, slow as fuck, breaks constantly under high concurrency, and completely unnecessary since ssh bypasses the stdio file descriptors *anyway*. we do still check that we see ssh messages to ensure that none of our subprocess handling messes with ssh's /dev/tty, but that's it now Change-Id: Ib8e31e1999f813d07a27efc63a9d3454a9e4fcdd
2024-10-25 16:04:08 +02:00 · 2024-10-25 16:04:08 +02:00 · 59e364c2a8
parent b020d1fc27
commit 59e364c2a8
1 changed files with 17 additions and 19 deletions
--- a/tests/nixos/nix-copy.nix
+++ b/tests/nixos/nix-copy.nix
@ -38,7 +38,6 @@ in {
        { services.openssh.enable = true;
          services.openssh.settings.PermitRootLogin = "yes";
          users.users.root.hashedPasswordFile = lib.mkForce null;
-          users.users.root.password = "foobar";
          virtualisation.writableStore = true;
          virtualisation.additionalPaths = [ pkgB pkgC ];
        };
@ -59,34 +58,33 @@ in {
    client.succeed("systemctl start network-online.target")
    server.wait_for_unit("network-online.target")
    client.wait_for_unit("network-online.target")
+    server.wait_for_unit("multi-user.target")
+    client.wait_for_unit("multi-user.target")

    server.wait_for_unit("sshd.service")
-    client.wait_for_unit("getty@tty1.service")
-    # Either the prompt: ]#
-    # or an OCR misreading of it: 1#
-    client.wait_for_text("[]1]#")

    # Copy the closure of package A from the client to the server using password authentication,
    # and check that all prompts are visible
+    # NOTE: this used to also check password prompts, but the test implementation was monumentally
+    # fragile (and hence broke constantly). since ssh interacts with /dev/tty directly fixing this
+    # requires some proper cli automation, which we do not have. however, since ssh interacts with
+    # /dev/tty directly and the host key message goes there too, we don't even need to check this.
    server.fail("nix-store --check-validity ${pkgA}")
-    client.send_chars("nix copy --to ssh://server ${pkgA} >&2; echo done\n")
-    client.wait_for_text("continue connecting")
-    client.send_chars("yes\n")
-    client.wait_for_text("Password:")
-    client.send_chars("foobar\n")
-    client.wait_for_text("done")
-    server.succeed("nix-store --check-validity ${pkgA}")
-
-    # Check that ControlMaster is working
-    client.send_chars("nix copy --to ssh://server ${pkgA} >&2; echo done\n")
-    client.wait_for_text("done")
-
-    client.copy_from_host("key", "/root/.ssh/id_ed25519")
-    client.succeed("chmod 600 /root/.ssh/id_ed25519")
+    client.succeed("echo | script -f /dev/stdout -c 'nix copy --to ssh://server ${pkgA}' | grep 'continue connecting'")

+    client.copy_from_host("key", "/root/.ssh/id_ed25519.setup")
+    client.succeed("chmod 600 /root/.ssh/id_ed25519.setup")
    # Install the SSH key on the server.
    server.copy_from_host("key.pub", "/root/.ssh/authorized_keys")
    server.succeed("systemctl restart sshd")
+
+    client.succeed("NIX_SSHOPTS='-oStrictHostKeyChecking=no -i /root/.ssh/id_ed25519.setup' nix copy --to ssh://server ${pkgA}")
+    server.succeed("nix-store --check-validity ${pkgA}")
+    # Check that ControlMaster is working
+    client.succeed("nix copy --to ssh://server ${pkgA}")
+
+    client.succeed("cp /root/.ssh/id_ed25519.setup /root/.ssh/id_ed25519")
+
    client.succeed(f"ssh -o StrictHostKeyChecking=no {server.name} 'echo hello world' >&2")
    client.succeed(f"ssh -O check {server.name}")
    client.succeed(f"ssh -O exit {server.name}")