authorDaiderd Jordan <daiderd@gmail.com>2019-01-15 22:14:56 +0100
committerDaiderd Jordan <daiderd@gmail.com>2019-01-15 22:14:56 +0100
commitc50ba6a354d939db008f2d5d4cd8da1dcda9ec12 (patch)
treef25cdb4b6fa3e33d161d0a8c3fa6ebbbbc06d16b
parent2e525a93da518525567987c8097787e2aa22fd7a (diff)
security.pki: add test for ca-certificates.crt
-rw-r--r--release.nix1
-rw-r--r--tests/security-pki.nix24
2 files changed, 25 insertions, 0 deletions
diff --git a/release.nix b/release.nix
index 1147141..78c43b3 100644
--- a/release.nix
+++ b/release.nix
@@ -98,6 +98,7 @@ let
tests.nixpkgs-overlays = makeTest ./tests/nixpkgs-overlays.nix;
tests.programs-ssh = makeTest ./tests/programs-ssh.nix;
tests.programs-zsh = makeTest ./tests/programs-zsh.nix;
+ tests.security-pki = makeTest ./tests/security-pki.nix;
tests.services-activate-system = makeTest ./tests/services-activate-system.nix;
tests.services-buildkite-agent = makeTest ./tests/services-buildkite-agent.nix;
tests.services-nix-daemon = makeTest ./tests/services-nix-daemon.nix;
diff --git a/tests/security-pki.nix b/tests/security-pki.nix
new file mode 100644
index 0000000..7aa8ec8
--- /dev/null
+++ b/tests/security-pki.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, ... }:
+
+{
+ security.pki.certificates = [
+ ''
+ Fake Root CA
+ ------------
+ ''
+ ];
+
+ test = ''
+ echo "checking for ca-certificates.crt in /etc" >&2
+ test -e ${config.out}/etc/ssl/certs/ca-certificates.crt
+
+ echo "checking NIX_SSL_CERT_FILE in set-environment" >&2
+ grep 'NIX_SSL_CERT_FILE="/etc/ssl/certs/ca-certificates.crt"' ${config.system.build.setEnvironment}
+
+ echo "checking for certificates in ca-certificates.crt" >&2
+ grep -q 'BEGIN CERTIFICATE' ${config.out}/etc/ssl/certs/ca-certificates.crt
+
+ echo "checking for extra certificate in ca-certificates.crt" >&2
+ grep 'Fake Root CA' ${config.out}/etc/ssl/certs/ca-certificates.crt
+ '';
+}
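Review bot: The fixture passed to `security.pki.certificates` is only a label and an underline with no PEM body, so the final `grep 'Fake Root CA'` proves that the text was concatenated into ca-certificates.crt, not that an extra certificate ends up as a well-formed entry in the trust bundle. The `BEGIN CERTIFICATE` check is presumably satisfied by the default CA bundle rather than by the extra entry, although the module is not visible here. Since this option extends the system trust store, the fixture should either be a throwaway self-signed certificate in PEM form generated for the test, with the test grepping a line of its body, or carry a comment such as `# not a real certificate: only checks that extra entries are appended to the bundle`. As a smaller point, the `grep` calls for NIX_SSL_CERT_FILE and for the fake CA lack the `-q` used in the `BEGIN CERTIFICATE` check, and `test -s` would also reject an empty bundle where `test -e` does not.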