binary-cache/tests/signature.nix
2024-07-17 18:36:20 +02:00

75 lines
2 KiB
Nix

{ pkgs }:
let
#hello = pkgs.hello.overrideAttrs { pname = "custom-hello"; };
inherit (pkgs) hello;
in
pkgs.testers.runNixOSTest (_: {
name = "cache signature upload test";
nodes = {
cache =
{ config, ... }:
{
imports = [
./common
../modules
];
system.extraDependencies = [ hello ];
services.tvix-binary-cache = {
enable = true;
caches = {
cache.port = 8000;
};
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts.cache = {
default = true;
locations = {
"/cache".return = "302 /cache/";
"/cache/" = {
proxyPass = "http://localhost:${toString config.services.tvix-binary-cache.caches.cache.port}/";
};
};
extraConfig = "client_max_body_size 1G;";
};
};
networking.firewall.allowedTCPPorts = [ 80 ];
};
client =
{ lib, ... }:
{
imports = [ ./common ];
nix.settings = {
substituters = lib.mkForce [ "http://cache/cache" ];
trusted-public-keys = lib.mkForce [ (builtins.readFile ./cache-keys/pubkey) ];
};
};
};
testScript = ''
import sys
import time
start_all()
cache.wait_for_unit("nginx.service")
cache.wait_for_unit("nar-bridge-cache.service")
time.sleep(1)
with subtest("Nar bridge home"):
out = cache.succeed("curl -L http://127.0.0.1/cache")
if out != "nar-bridge":
sys.exit(1)
with subtest("Path signature and copy"):
# Sign
cache.succeed("nix store sign -k ${./cache-keys/privkey} ${hello}")
cache.succeed("nix copy --to 'http://127.0.0.1/cache/?compression=none' ${hello}")
with subtest("Substitution"):
client.succeed("nix-store --delete ${hello}")
client.fail("stat ${hello}")
client.succeed("nix-store -r ${hello}")
client.succeed("stat ${hello}")
'';
})